Hi again, this time I got a CentOS 7 machine and now I got this problem again.
I did everything from
http://www.netfilter.org/
Got ulogd 2.0.5, also the dependencies: libnfnetlink, libmnl, libnetfilter_log, libnetfilter_conntrack, libnetfilter_acct.
Everything compiled fine when I used "PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure" for some of them since they
couldn't find the pkg-config. After all that I compiled ulogd and it was OK.
(Some problem that no ulogd.conf was installed at '/usr/local/etc/' so I had to manually copy it from the 'src' directory.)
I was happy for about a minute.
As I use LOGEMU only (yet) I used only these:
Code:
# this is a stack for logging packet send by system via LOGEMU
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for packet-based logging via LOGEMU
#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for ULOG packet-based logging via LOGEMU
#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for packet-based logging via LOGEMU with filtering on MARK
#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for flow-based logging via LOGEMU
#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
I got an error on every one of them, and if I used one at a time ulogd shut down for all except 'ct1'.
The errors:
Code:
[root@kgdubben ~]# ulogd -v
Wed Jun 3 12:34:05 2015 <5> ulogd.c:843 building new pluginstance stack: 'log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 2
Wed Jun 3 12:34:05 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 10
Wed Jun 3 12:34:05 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 7
Wed Jun 3 12:34:05 2015 <7> ulogd_inppkt_NFLOG.c:552 unable to bind to log group 0
Wed Jun 3 12:34:05 2015 <7> ulogd.c:813 error starting `log1'
Wed Jun 3 12:34:05 2015 <5> ulogd.c:843 building new pluginstance stack: 'log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 <7> ulogd_inppkt_NFLOG.c:552 unable to bind to log group 1
Wed Jun 3 12:34:05 2015 <7> ulogd.c:813 error starting `log2'
Wed Jun 3 12:34:05 2015 <5> ulogd.c:843 building new pluginstance stack: 'ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 <7> ulogd.c:870 can't find requested plugin ULOG
Wed Jun 3 12:34:05 2015 <5> ulogd.c:843 building new pluginstance stack: 'log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 <7> ulogd.c:870 can't find requested plugin MARK
Wed Jun 3 12:34:05 2015 <5> ulogd.c:843 building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU'
Wed Jun 3 12:34:05 2015 <5> ulogd_inpflow_NFCT.c:1399 NFCT plugin working in event mode
Can anyone with this see what I did wrong or if it's a bug or not even runnable?
If you need more info, just let me know.