Ulogd2

From Segfault
Jump to navigation Jump to search

Installation

Packages

sudo apt-get install ulogd2

Source

git clone git://git.netfilter.org/libnfnetlink.git
./autogen.sh
./configure --prefix=/opt/libnfnetlink
make
sudo make install

git clone git://git.netfilter.org/libnetfilter_log.git
./autogen.sh
LIBNFNETLINK_CFLAGS="-I/opt/libnfnetlink/include" LIBNFNETLINK_LIBS="-L/opt/libnfnetlink/lib" ./configure --prefix=/opt/libnetfilter_log
make
sudo make install

git clone git://git.netfilter.org/libnetfilter_conntrack.git
./autogen.sh
LIBNFNETLINK_CFLAGS="-I/opt/libnfnetlink/include" LIBNFNETLINK_LIBS="-L/opt/libnfnetlink/lib" ./configure --prefix=/opt/libnetfilter_conntrack

apt-get install libpq-dev libmysqlclient-dev

git clone git://git.netfilter.org/ulogd2.git
./autogen.sh
CFLAGS="-I/opt/libnfnetlink/include" LDFLAGS="-L/opt/libnfnetlink/lib" \
LIBNFNETLINK_CFLAGS="-I/opt/libnfnetlink/include" LIBNFNETLINK_LIBS="-L/opt/libnfnetlink/lib" \
LIBNETFILTER_LOG_CFLAGS="-I/opt/libnetfilter_log/include" LIBNETFILTER_LOG_LIBS="-L/opt/libnetfilter_log/lib" \
LIBNETFILTER_CONNTRACK_CFLAGS="-I/opt/libnetfilter_conntrack/include" LIBNETFILTER_CONNTRACK_LIBS="-L/opt/libnetfilter_conntrack/lib" \
./configure --prefix=/opt/ulogd2 
make
sudo make install

libnfnetlink-dev
libnetfilter-conntrack-dev
libnetfilter-log-dev			0.0.13-1+b1

ulogd-viz

Install some prerequisites: 

sudo apt-get -V install php-pear ulogd2-mysql
sudo pear install Net_GeoIP                      # This will install /usr/share/php/Net/GeoIP.php

Create the database: 

$ mysql -u admin -p
> create database nulog;
> create user 'nulog'@'localhost' identified by 'XXXXXXX';
> grant all privileges on nulog.* to 'nulog'@'localhost';
> flush privileges;

Create the database schema: 

gzip -dc /usr/share/doc/ulogd2/mysql-ulogd2.sql.gz | mysql -D nulog -u nulog -p

Adjust /etc/ulogd.conf: 

loglevel=1
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_MYSQL.so"

#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL

[log2]
group=1
netlink_socket_buffer_size=217088
netlink_socket_buffer_maxsize=1085440

[mysql1]
db="nulog"
host="localhost"
user="nulog"
table="ulog"
pass="XXXXXXX"

With that, ulogd should now log to the MySQL database.

Install ulogd-viz: 

git clone https://github.com/cudeso/ulogd-viz.git ulogd-viz-git && cd $_
git archive --format=tar --prefix=ulogd-viz/ HEAD | tar -C /var/www/ -xf -

Configure ulogd-viz: 

$ cd /var/www/ulogd-viz
$ cat config/ulogd.ini
[...]
[database]
username = nulog
password = XXXXXXX
database = nulog
host = localhost
ulogtable = ulog

[geoip]
database = "/usr/local/share/GeoLiteCity.dat"

[defaults]
blacklist = "/var/www/ulogd-viz/config/blacklist.txt"

Don't forget the GeoIP database: 

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gzip -d GeoLiteCity.dat.gz
sudo install -m 0444 -o root -g root ./GeoLiteCity.dat /usr/local/share/

TBD

Links

TBD!

https://home.regit.org/netfilter-en/nftables-quick-howto/
https://git.netfilter.org/ulogd2/tree/README
https://wiki.nftables.org/wiki-nftables/index.php/Simple_rule_management
https://wiki.nftables.org/wiki-nftables/index.php/Logging_traffic
https://mohskitchen.wordpress.com/2012/08/27/accounting-with-ulogd-2-and-conntrack-on-a-gbit-nat/
https://www.wzdftpd.net/blog/ulogd2-the-new-userspace-logging-daemon-for-netfilteriptables-part-2.html
https://lists.netfilter.org/pipermail/netfilter-cvslog/2009-January/006200.html
https://www.spinics.net/lists/netfilter-devel/msg20009.html
Retrieved from "https://trent.utfs.org/mediawiki/index.php?title=Ulogd2&oldid=10917"