AUTHOR: Thomas Trepl DATE: 2003-11-01 LICENSE: GNU Free Documentation License Version 1.2 SYNOPSIS: Setup ULOG daemon DESCRIPTION: How to setup the ULOG daemon PREREQUISITES: Kernel >= 2.4.18-pre8 recommended otherwise a patch required HINT: Introduction to ULOG daemon The ULOG the user space log facility for iptables. With this package, you can store the log entries normally stored in the kernel.log file in another file which Download location for the ULOG daemon package: ftp://ftp.netfilter.org/pub/ulogd/ulogd-1.02.tar.bz2 If you have a kernel older than 2.4.18-pre8 than the ulog-patch is required. For this, see the netfilter page (http://www.netfilter.org). Unpacking the tarball --------------------- Extract the source package by executing this command tar -xjf /ulogd-1.02.tar.bz2 Than, you should have the directory 'ulogd-1.02' in the current directory. Configuring ----------- CD into the directory newly created by the above tar command and do a ./configure --prefix=/usr --sysconfdir=/etc As all of the LFS/BLFS packages we will go to install this package in /usr, too. If you don't want that, just leave the --prefix out - than it will be installed in /usr/local. With the --sysconfdir=/etc we ensure, that the configuration file will be stored in /etc and not in /usr/etc. Building the binaries --------------------- After configuring we do the well known sequence of make && make install Creating startup script ----------------------- To start the ULOG daemon when system is (re-)started, create the startup script: cat > /etc/rc.d/init.d/ulogd <<"EOF" #!/bin/sh # Begin $rc_base/init.d/ulogd # Based on sysklogd script from LFS-3.1 and earlier. # Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org source /etc/sysconfig/rc source $rc_functions case "$1" in start) echo "Starting ULOG daemon..." loadproc ulogd -d evaluate_retval ;; stop) echo "Stopping ULOG daemon..." killproc ulogd evaluate_retval ;; reload) echo "Reloading ULOG daemon..." reloadproc ulogd evaluate_retval ;; restart) $0 stop sleep 1 $0 start ;; status) statusproc ulogd ;; *) echo "Usage: $0 {start|stop|reload|restart|status}" exit 1 ;; esac # End $rc_base/init.d/ulogd EOF Don't forget to make it executable by issuing chmod 754 /etc/rc.d/init.d/ulogd and create the links for the different runlevels: ln -sf ../init.d/ulogd /etc/rc.d/rc0.d/K95ulogd ln -sf ../init.d/ulogd /etc/rc.d/rc1.d/K95ulogd ln -sf ../init.d/ulogd /etc/rc.d/rc2.d/K95ulogd ln -sf ../init.d/ulogd /etc/rc.d/rc3.d/S12ulogd ln -sf ../init.d/ulogd /etc/rc.d/rc4.d/S12ulogd ln -sf ../init.d/ulogd /etc/rc.d/rc5.d/S12ulogd ln -sf ../init.d/ulogd /etc/rc.d/rc6.d/K95ulogd Patching the conf-file ---------------------- With the first installation, you will get a configuration file placed in /etc/ulogd.conf. This configuration file is usable (at least for me) but there are some links to wrong directories in it. Simply do a sed -i -e 's;/usr/local/;/usr/;g' /etc/ulogd.conf to remove the /usr/local directory references and insert the /usr instead. If you have installed your ULOG daemon un /usr/local, than of course, do not do this sed. Example for firewall scripts ---------------------------- In my firewall start script, there is a definition which allowes me to do an outbound connection to port 888 (cddb). In (seldom activated) verbose mode, my script will generate the following lines to enable this: /usr/sbin/iptables -A OUTPUT -o ppp+ -p tcp --dport 888 \ -j ULOG --ulog-prefix "ACCEPT:O:CDDB " /usr/sbin/iptables -A OUTPUT -o ppp+ -p tcp --dport 888 -j ACCEPT Note the rest of the first command, which is folded into the second line. This is the definition to pass the log info to ULOG. The log files ------------- When using the default configuration file, there will be two new logfiles in /var/log. This logfiles are ulogd.log - for logging ulogd's activities and ulogd.syslogemu - there will the log infos go to VERSION: 1.0 CHANGELOG: 1.0 Creation