Ulogd 2.x on CentOS 6
Windcolour – second sight
A touch of silence and the violence of dark
Illusion span – the aroma of time
Shadowlife and the scent of nothingness
(Dark Tranquillity – Insanity’s Crescendo)
Ulogd is a small daemon capable of logging iptables output from ULOG (or other targets) to various backends. One can log to MySQL, PostgreSQL, SQLite, or a plain old text log file. I used ulogd massively on servers on CentOS 5, so I really missed the CentOS 6 version. Now, I’ve noticed ulogd 2.0.0-beta4 being available in Fedora 17, so the opportunity came for me to backport it. Red Hat Enterprise Linux 6 is based on Fedora 12, and luckily things haven’t gone out of reach quite yet, so backporting from the latest Fedora to RHEL/CentOS 6 is still quite easy.
Binary and source packages are available in the Srce RPM repository for Enterprise Linux. You can add SRCE to your yum repositories list simply by running the following set of commands:
# /usr/bin/wget http://ftp.srce.hr/redhat/_repos/RPM-GPG-KEY-SRCE
# /bin/rpm --import RPM-GPG-KEY-SRCE
# /bin/rm -f RPM-GPG-KEY-SRCE
# /bin/rpm -Uvh http://ftp.srce.hr/srce-redhat/base/el6/x86_64/srce-release-5-3.el6.srce.noarch.rpm
After this, things are quite easy; just use yum and install the software:
# yum install ulogd
Enjoy!
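The same repository setup with the checks a plain-HTTP key download calls for, as an added example that is not part of the original post: it compares the key's fingerprint with one confirmed out of band before `rpm --import`, and requires a verified signature on the release package before installing it. `EXPECTED_FPR` is a placeholder (the post gives no fingerprint), the function names are illustrative, and the `rpm -K` output format assumed is that of rpm on EL6.

```bash
#!/bin/bash
# Added example, not from the post: check the SRCE key and release package
# before trusting them. Both URLs are from the post and are plain HTTP.
KEY_URL="http://ftp.srce.hr/redhat/_repos/RPM-GPG-KEY-SRCE"
REL_URL="http://ftp.srce.hr/srce-redhat/base/el6/x86_64/srce-release-5-3.el6.srce.noarch.rpm"
# Placeholder: the post does not state the key fingerprint.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_FINGERPRINT_CONFIRMED_OUT_OF_BAND}"

# Strip spaces and colons, upper-case hex digits.
normalize_fpr() { printf '%s' "$1" | tr -d ' :\t\r\n' | tr 'a-f' 'A-F'; }

# Read `gpg --with-colons` output on stdin and print the first fingerprint.
extract_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# Succeed only for two identical 40-hex-digit fingerprints.
fpr_matches() {
    local a b
    a=$(normalize_fpr "$1"); b=$(normalize_fpr "$2")
    [ "${#a}" -eq 40 ] || return 1
    case "$a" in *[!0-9A-F]*) return 1 ;; esac
    [ "$a" = "$b" ]
}

# Succeed only if `rpm -K` output (EL6 format, an assumption) reports a
# verified signature: lower-case "pgp" or "gpg" and a trailing "OK".
# An unsigned package also ends in "OK" (digests only), so "OK" alone
# is not accepted.
rpm_sig_verified() {
    case "$1" in *"NOT OK"*) return 1 ;; esac
    case "$1" in *" pgp "*OK|*" gpg "*OK) return 0 ;; esac
    return 1
}

# Fetch, verify, then install; stops at the first failed check.
install_srce_repo() {
    local tmp got out
    tmp=$(mktemp -d) || return 1
    wget -q -O "$tmp/key" "$KEY_URL" || return 1
    got=$(gpg --with-fingerprint --with-colons "$tmp/key" 2>/dev/null | extract_fpr)
    fpr_matches "$EXPECTED_FPR" "$got" || { echo "fingerprint mismatch: $got" >&2; return 1; }
    rpm --import "$tmp/key" || return 1
    wget -q -O "$tmp/release.rpm" "$REL_URL" || return 1
    out=$(rpm -K "$tmp/release.rpm")
    rpm_sig_verified "$out" || { echo "signature not verified: $out" >&2; return 1; }
    rpm -Uvh "$tmp/release.rpm"
}

# Runs only when asked: EXPECTED_FPR=<fingerprint> ./add-srce.sh install
if [ "${1:-}" = "install" ]; then install_srce_repo; fi
```

With the placeholder left in place the fingerprint comparison fails, so nothing is imported or installed until a real fingerprint is supplied.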
Any chance of seeing an updated ulogd package? The package in the repo is still 2.0.0, while 2.0.4 is current.
I can look into it, but last time I tried to package it up I had problems with ULOGD target requiring some libs that are newer than the ones delivered with CentOS 6.
The probability for ulogd 2.0.5 in CentOS7?
Here the libs should be OK, I tried to compile all from netfilter.org myself but the result just gives me these errors:
[root@~]# ulogd -v
Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: 'log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 2
Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 10
Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 7
Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:552 unable to bind to log group 0
Wed Jun 3 12:34:05 2015 ulogd.c:813 error starting `log1'
Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: 'log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:552 unable to bind to log group 1
Wed Jun 3 12:34:05 2015 ulogd.c:813 error starting `log2'
Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: 'ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 ulogd.c:870 can't find requested plugin ULOG
Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: 'log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 ulogd.c:870 can't find requested plugin MARK
Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 ulogd_inpflow_NFCT.c:1399 NFCT plugin working in event mode
If you’re using CentOS 7 there are packages from Lux repositories offering Ulogd:
http://repo.iotti.biz/CentOS/7/x86_64/ulogd-2.0.4-3.el7.lux.1.x86_64.rpm
Tried that one and it still gave the same result 😦
Think I better do a total reinstall just to be sure that nothing got ‘F’ed up 😛
I also think that you know what you’re doing so if you could fix this for CentOS7, I sure would spread that around 🙂 with the latest ulogd(v2.0.5) though 😛
Just want to let you know that ‘ulogd-2.0.4-3.el7.lux.1.x86_64.rpm’ does not work on my
CentOS7 – Linux 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux.
You got any more things you could help out with?
My mind is blank. I tried installing the required packages that are needed for the dependencies that follow trying to install this but I got to the same error.
Just to let everyone know, I got it working 🙂
First I installed the dependencies through netfilter.org but that was a bad thing. Later I used the RPMs on the place I got this ulogd RPM from and after that it all worked fine.
Some problem though with config and the output of it but that’s another matter 😛
Thx again jsosic 😀
I have the same error, but I only used the packages coming from lux. Can you explain what you did exactly?
Well, like I wrote in my last post, the one you answered to.
I had mixed the RPM of this with the dependencies from netfilter.org and that didn’t mid well so I used everything from the place I got this RPM, thus http://ftp.srce.hr/
Try that.
PS. I still haven’t understood how to config it to get it to work properly, but haven’t got much time for it so…. right now, I can’t see anything from the ip-tables log.
If you @newton ever find another solution for this iptables-log-viewing, preferably a browser solution or such, lemme know 🙂
da*n it…
exchange the word ‘mid’ with mix 😛