-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, First off let me say that I love Shorewall, and have been using it for awhile now with little to no problems. However, recently I decided that I would like to get all the shorewall messages out or /var/log/messages, and into their own file for ease of management. I printed out the directions for installing and using "Ulogd" as the message logger. I downloaded the latest TAR file (Version 1.0) of Ulogd, and followed the instructions that Tom wrote and put on the web site. Unfortunately, I can''t seem to get ulogd to startup. I am running Redhat V9, with the 2.4.20-18.9 kernel, btw. Following are the /var/log/messages and other info I have gathered. The log doesn''t give me much to go on as to "why" it fails to start. Any suggestions on where to look, or what I have done wrong would be greatly appreciated. Thanks, Joe $$$ /var/log/messages $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <3> ulogd.c:295 Jun 22 11:37:15 Firewall1 ulogd: registering interpreter `raw'' Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <3> ulogd.c:295 registering interpreter `oob'' Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <3> ulogd.c:295 registering interpreter `ip'' Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <3> ulogd.c:295 registering interpreter `tcp'' Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <3> ulogd.c:295 registering interpreter `icmp'' Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <3> ulogd.c:295 registering interpreter `udp'' Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <3> ulogd.c:295 registering interpreter `ahesp'' Jun 22 11:37:15 Firewall1 ulogd: Sun Jun 22 11:37:15 2003 <5> ulogd.c:350 registering output `syslogemu'' Jun 22 11:37:15 Firewall1 ulogd: ulogd startup failed $$$ File Locations $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ [root@Firewall1 log]# ls -la /etc/init.d/u* - -rwxr-xr-x 1 root root 733 Jun 22 11:34 /etc/init.d/ulogd [root@Firewall1 log]# ls -la /usr/local/sbin/u* - -rwxr-xr-x 1 root root 73844 Jun 22 05:43 /usr/local/sbin/ulogd # Example configuration for ulogd # $Id: ulogd.conf,v 1.8 2002/07/30 07:15:54 laforge Exp $ # $$$ ulogd.conf file $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ###################################################################### # GLOBAL OPTIONS ###################################################################### # netlink multicast group (the same as the iptables --ulog-nlgroup param) nlgroup 1 # logfile for status messages logfile /var/log/ulogd.log # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) loglevel 5 # libipulog receive buffer size (should be at least the size of the # in-kernel buffer (ipt_ULOG.o ''nlbufsiz'' parameter) bufsize 65535 ###################################################################### # PLUGIN OPTIONS ###################################################################### # We have to configure and load all the plugins we want to use # general rules: # 1. specify the options FIRST, then load the plugin # 2. interpreter plugins have to precede output plugins # # ulogd_BASE.so - interpreter plugin for basic IPv4 header fields # you will always need this plugin /usr/local/lib/ulogd/ulogd_BASE.so # # ulogd_LOGEMU.so - simple syslog emulation target # # where to write to syslogfile /var/log/shorewall.log # do we want to fflush() the file after each write? syslogsync 1 # load the plugin plugin /usr/local/lib/ulogd/ulogd_LOGEMU.so # # ulogd_OPRINT.so: file for packet dumping # # where to write the log dumpfile /var/log/ulogd.pktlog # load the plugin (remove the ''#''if you want to enable it #plugin /usr/local/lib/ulogd/ulogd_OPRINT.so # # ulogd_MYSQL.so: optional logging into a MySQL database # # database information mysqltable ulog mysqlpass changeme mysqluser laforge mysqldb ulogd mysqlhost localhost # load the plugin (remove the ''#'' if you want to enable it) #plugin /usr/local/lib/ulogd/ulogd_MYSQL.so # # ulogd_PGSQL.so: optional logging into a PostgreSQL database # # database information pgsqltable ulog pgsqlpass pgsqluser postgres pgsqldb ulogd pgsqlhost localhost #load the plugin (remove the ''#'' if you want to enable it) #plugin /usr/local/lib/ulogd/ulogd_PGSQL.so ~ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBPvXYpi/qPRZR5h9wEQJ5iACg5c5YApvPUx11G62fD0UMAbXiUV4Anj+c LCpO6xwQSPJAWDlCbcistMYi =UfiJ -----END PGP SIGNATURE-----