bugzilla-daemon at bugzilla.netfilter.org
2011-May-19 09:49 UTC
[Bug 652] pcap plugin problem
http://bugzilla.netfilter.org/show_bug.cgi?id=652
Mariusz Kielpinski <kielpi at poczta.onet.pl> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kielpi at poczta.onet.pl
Status|ASSIGNED |NEW
--- Comment #3 from Mariusz Kielpinski <kielpi at poczta.onet.pl> 2011-05-19 11:49:00 ---
(In reply to comment #0)
> I'm trying to set up a transparent firewall using ebtables and ulogd (under
> Fedora 12 x86_64). A few days ago, I raised bug 651 re. ulogd 1.23. Since then,
> I decided to try ulogd 2.0.0beta3 (as apparently I could then try using the
> --nflog options in ebtables instead of the --ulog options.) This is proving a
> lot more encouraging: the syslogemu plugin is working fine. However, when I try
> to save the packets using the pcap plugin, I get lots of log messages like the
> following:
>
> Wed May 12 15:33:25 2010 <7> ulogd_output_PCAP.c:170 Error during write: Success
> Wed May 12 15:33:25 2010 <5> ulogd.c:499 error during propagate_results
>
> (No output is appended to the pcap log.)
>
> Any ideas?
>
I have the same problem on Debian 6 and ulogd 2 version beta 4.
Thu May 19 11:24:47 2011 <5> ulogd.c:499 error during propagate_results
Thu May 19 11:24:47 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success
Thu May 19 11:24:47 2011 <5> ulogd.c:499 error during propagate_results
Thu May 19 11:24:49 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success
Thu May 19 11:24:49 2011 <5> ulogd.c:499 error during propagate_results
Thu May 19 11:24:50 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success
Thu May 19 11:24:50 2011 <5> ulogd.c:499 error during propagate_results
Thu May 19 11:24:50 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success
Thu May 19 11:24:50 2011 <5> ulogd.c:499 error during propagate_results
Thu May 19 11:26:16 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success
Thu May 19 11:26:16 2011 <5> ulogd.c:499 error during propagate_results
Thu May 19 11:26:17 2011 <7> ulogd_output_PCAP.c:170 Error during write: Success
Thu May 19 11:26:17 2011 <5> ulogd.c:499 error during propagate_results
What is more, the LOGEMU plugin works well, but I prefer pcap because it can be used
with Wireshark.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-May-20 13:55 UTC
[Bug 652] pcap plugin problem
http://bugzilla.netfilter.org/show_bug.cgi?id=652
--- Comment #4 from Mariusz Kielpinski <kielpi at poczta.onet.pl> 2011-05-20 15:55:34 ---
More detail on this issue:
Rule used for gathering IPv6 data:
ULOG_SAMPLING14="--nflog-group=14 --nflog-prefix xxxxxxxxxxx --nflog-threshold 1"
${IPT6} -A INPUT -i eth4 -m state --state NEW -j NFLOG $ULOG_SAMPLING14
I can correctly collect data for other output plugins.
Configuration of ulogd 2
stack=log13:NFLOG,base1:BASE,pcap12:PCAP
[log13]
group=14
addressfamily=10
[pcap12]
file="some_file"
sync=1
some_file is created; however, it cannot be read by Wireshark because
the packets are malformed (according to Wireshark's info).
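
An added example, not part of the original bug report and not ulogd code: a small checker for the classic libpcap file format that walks the records and reports the first one whose header is inconsistent, which helps locate where a capture such as some_file stops being readable. The names check_pcap and sample_pcap and the sample bytes are constructed for illustration; the checker does not identify the cause of the ulogd error itself.

```python
import struct
import sys

# Classic (microsecond) pcap magic, as it appears on disk, mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def check_pcap(data):
    """Walk a classic pcap file; return (linktype, good_records, problem or None)."""
    if len(data) < 24:
        return None, 0, "truncated global header"
    endian = MAGICS.get(data[:4])
    if endian is None:
        return None, 0, "bad magic " + data[:4].hex()
    # Global header after the magic: version, timezone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    off, count = 24, 0
    while off < len(data):
        where = "record %d at offset %d" % (count, off)
        if len(data) - off < 16:
            return linktype, count, "truncated record header, " + where
        # Per-record header: ts_sec, ts_usec, captured length, original length.
        _sec, usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        if usec >= 1000000:
            return linktype, count, "ts_usec out of range, " + where
        if incl > orig or incl > snaplen:
            return linktype, count, "implausible captured length %d, %s" % (incl, where)
        if off + 16 + incl > len(data):
            return linktype, count, "truncated packet data, " + where
        off += 16 + incl
        count += 1
    return linktype, count, None

def sample_pcap(records, linktype=101):
    """Constructed test data: little-endian file; 101 is LINKTYPE_RAW (bare IP packets)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for payload, claimed_len in records:
        out += struct.pack("<IIII", 1305804287, 0, claimed_len, claimed_len) + payload
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        ipv6ish = b"\x60" + b"\x00" * 39  # constructed 40-byte payload
        blob = sample_pcap([(ipv6ish, 40), (ipv6ish[:10], 40)])  # 2nd record is short
    print(check_pcap(blob))
```

Run it with the capture file as the only argument; without an argument it checks the constructed sample, whose second record claims 40 bytes but carries 10.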