ulogd2 and multiple outputs

ulogd2 and multiple outputs

[Martin Mares]

Hello, world!\n

I am configuring ulogd2 on my router and I would like to log all packets
rejected by the firewall to both a textual log and a PCAP file.

However, ulogd2 refuses to put multiple output modules in a single stack,
so I have to make iptables send packets to two different NFLOG groups
handled by separate ulogd stacks.

Is there any reason why multiple output modules cannot be combined?
From a brief inspection of the code, it does not appear to be.

				Have a nice fortnight
-- 
Martin `MJ' Mares                          <mj@ucw.cz>   http://mj.ucw.cz/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
Immanuel doesn't pun, he Kant.

Re: ulogd2 and multiple outputs

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 894 bytes --]

Hello,

That's a late reply but it is one anyway. 

Le mercredi 04 juillet 2012 à 18:44 +0200, Martin Mares a écrit :
> Hello, world!\n
> 
> I am configuring ulogd2 on my router and I would like to log all packets
> rejected by the firewall to both a textual log and a PCAP file.
> 
> However, ulogd2 refuses to put multiple output modules in a single stack,
> so I have to make iptables send packets to two different NFLOG groups
> handled by separate ulogd stacks.	


You can use the same input in two different stacks:

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log1:NFLOG,base1:BASE,pcap1:PCAP

You can even do something like:

stack=log1:NFLOG,base1:BASE,pcap1:PCAP,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

BR,
-- 
Eric Leblond 
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]