bugzilla-daemon at bugzilla.netfilter.org
2011-May-19 09:49 UTC
[Bug 652] pcap plugin problem
http://bugzilla.netfilter.org/show_bug.cgi?id=652 Mariusz Kielpinski <kielpi at poczta.onet.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kielpi at poczta.onet.pl Status|ASSIGNED |NEW --- Comment #3 from Mariusz Kielpinski <kielpi at poczta.onet.pl> 2011-05-19 11:49:00 --- (In reply to comment #0)> I'm trying to set up a transparent firewall using ebtables and ulogd (under > Fedora 12 x86_64). A few days ago, I raised bug 651 re. ulogd 1.23. Since then, > I decided to try ulogd 2.0.0beta3 (as apparently I could then try using the > --nflog options in ebtables instead of the --ulog options.) This is proving a > lot more encouraging: the syslogemu plugin is working fine. However, when I try > to save the packets using the pcap plugin, I get lots of log messages like the > following: > > Wed May 12 15:33:25 2010 <7> ulogd_output_PCAP.c:170 Error during write: > Success > Wed May 12 15:33:25 2010 <5> ulogd.c:499 error during propagate_results > > (No output is appended to the pcap log.) > > Any ideas? >I have the same problem on Debian 6 and ulogd 2 version beta 4 Thu May 19 11:24:47 2011 <5> ulogd.c:499 error during propagate_results Thu May 19 11:24:47 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success Thu May 19 11:24:47 2011 <5> ulogd.c:499 error during propagate_results Thu May 19 11:24:49 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success Thu May 19 11:24:49 2011 <5> ulogd.c:499 error during propagate_results Thu May 19 11:24:50 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success Thu May 19 11:24:50 2011 <5> ulogd.c:499 error during propagate_results Thu May 19 11:24:50 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success Thu May 19 11:24:50 2011 <5> ulogd.c:499 error during propagate_results Thu May 19 11:26:16 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success Thu May 19 11:26:16 2011 <5> ulogd.c:499 error during propagate_results Thu May 19 11:26:17 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success Thu May 19 11:26:17 2011 <5> ulogd.c:499 error during propagate_results What is more plugin LOGEMU works well but I prefer pcap because it can be used witch wireshark -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-May-20 13:55 UTC
[Bug 652] pcap plugin problem
http://bugzilla.netfilter.org/show_bug.cgi?id=652 --- Comment #4 from Mariusz Kielpinski <kielpi at poczta.onet.pl> 2011-05-20 15:55:34 --- More detail on this isue: Rule used for gathering ipv6 data: ULOG_SAMPLING14="--nflog-group=14 --nflog-prefix xxxxxxxxxxx --nflog-threshold 1" ${IPT6} -A INPUT -i eth4 -m state --state NEW -j NFLOG $ULOG_SAMPLING14 I can correctly collect data for other output plugins. Configuration of ulogd 2 stack=log13:NFLOG,base1:BASE,pcap12:PCAP [log13] group=14 addressfamily=10 [pcap12] file="some_file" sync=1 some_file is created however it cannot be read by wireshark because the packets are malformed (due to wireshark info). -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
Reasonably Related Threads
- [Bug 1218] New: ULOGD PCAP Plugin Missing Ethernet Headers
- [Bug 741] New: ULOGD segfaults on init
- Using NFLOG in shorewall6
- [Bug 871] New: Running two instances of ulog causes abort in libnfnetlink
- [Bug 977] ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol