Hi all, i wanted to ask you all what are you thinking to integrate Ulogd --> http://www.netfilter.org/projects/ulogd/ into IPfire environment ? This would include modification in the kernel config but also the libnetfilter_log and libnetfilter_acct packages. Since Ben made already a commit for this some time ago an inside of the potential work can be overseen in here --> http://git.ipfire.org/?p=people/trikolon/ipfire-2.x.git;a=commit;h=e3f803b70... .
Have tested this also in a Pmacctd --> http://www.pmacct.net/ environment which makes a good impression.
Greetings,
Erik
And what would this be good for?
On Wed, 2016-06-08 at 18:52 +0200, ummeegge wrote:
Hi all, i wanted to ask you all what are you thinking to integrate Ulogd --> http://ww w.netfilter.org/projects/ulogd/ into IPfire environment ? This would include modification in the kernel config but also the libnetfilter_log and libnetfilter_acct packages. Since Ben made already a commit for this some time ago an inside of the potential work can be overseen in here --> http://git.ipfire.org/?p=people/tri kolon/ipfire-2.x.git;a=commit;h=e3f803b702a39c5004cf3e614f4bc2307f576a3c .
Have tested this also in a Pmacctd --> http://www.pmacct.net/ environment which makes a good impression.
Greetings,
Erik
Hi Michael, a benefit could be extend the logging mechanisms in IPFire. Since Ulogd2 is a modular userspace logging daemon which includes per-packet logging of security violations, per-packet logging for accounting, per-flow logging and flexible user-defined accounting, it might be possibly interesting to have another way in IPFire beneath the traditional IPFire logging system. In conjunction with nfacct --> http://netfilter.org/projects/nfacct/ for example it should also be possible to use a flexible user-defined traffic accounting environment for different purposes. There are output variations included like file based logging (Syslog, File, PCAP and NACCT) but also the usage of databases (Sqlite or MySQL) is possible. Ulogd2 have also a fast plugin architecture for the entries, the output but also for filtering in many ways. There are some network plugins for IPFIX or even GRAPHITE available but i have seen also some other interesting projects to visualize the IPTable events over Ulogd2 in different and detailed ways.
I was looking for extending Syskjlogd, i gave Rsyslog also a try which might also be interesting but there is the need for some other not so lightweight dependencies like libestr json-c (libfastjson) liblogging (in minimum) but also less possibilities then Ulogd2 as far as i can see.
Not sure if all that matters for IPFire but i nevertheless wanted to send you an reference or even a question of what are you thinking about all that especially cause we have already an first idea from Ben of how to build it in Git.
A nice and short overview of what Ulogd2 is can also be found in here --> https://home.regit.org/wp-content/uploads/2013/03/ulogd2.pdf .
Greetings,
Erik
Am 09.06.2016 um 13:28 schrieb Michael Tremer michael.tremer@ipfire.org:
And what would this be good for?
On Wed, 2016-06-08 at 18:52 +0200, ummeegge wrote:
Hi all, i wanted to ask you all what are you thinking to integrate Ulogd --> http://ww w.netfilter.org/projects/ulogd/ into IPfire environment ? This would include modification in the kernel config but also the libnetfilter_log and libnetfilter_acct packages. Since Ben made already a commit for this some time ago an inside of the potential work can be overseen in here --> http://git.ipfire.org/?p=people/tri kolon/ipfire-2.x.git;a=commit;h=e3f803b702a39c5004cf3e614f4bc2307f576a3c .
Have tested this also in a Pmacctd --> http://www.pmacct.net/ environment which makes a good impression.
Greetings,
Erik
-
Michael Tremer -
ummeegge