ulogd - The Netfilter Userspace Logging Daemon

neo.chan
Posts: 23
Joined: 2008-10-09 21:41
Location: Shenzhen

ulogd - The Netfilter Userspace Logging Daemon


Post by neo.chan » 2008-11-11 10:11

Netkiller Linux Notes
Debian/Ubuntu Cookbook
Neo Chan



Longhua Town, Bao'an District, Shenzhen, Guangdong, China
518109
+86 755 29812080
+86 755 29812080
<openunix@163.com>
Document source
http://netkiller.8800.org/
http://netkiller.hikz.com/
http://netkiller.mefound.com

Copyright © 2006, 2007, 2008 Netkiller (Neo Chan). All rights reserved.

Copyright notice

You may reproduce this document freely. Please contact the author before reproducing it, and always include the original source of the article, the author information and this notice.

This document was last updated on Fri Nov 7 09:03:48 UTC 2008

Advice for Linux beginners

The biggest taboo when using Linux is reboot (restarting); that is a bad habit of Windows users.

Once a Linux machine is powered on, forget about the reboot, shutdown, halt and poweroff commands. Linux and its application software generally provide reload, reconfigure, restart/start/stop... There is no need to reboot the computer after installing software or configuring a server.

On Linux the SIGHUP signal is defined as "reload the configuration file". Some programs provide no reload argument; you can send the process a HUP signal so that it reloads its configuration file instead of being restarted. pkill, killall and kill can all send HUP, for example: pkill -HUP httpd

ulogd - The Netfilter Userspace Logging Daemon

ulogd homepage: http://www.gnumonks.org/projects/

1. Installation

$ sudo apt-get install ulogd
$ sudo apt-get install ulogd-mysql
2. Configure LOGEMU

plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"

[LOGEMU]
# Debian's default output file for the LOGEMU plugin; it is the file tailed in the testing step
file="/var/log/ulog/syslogemu.log"
sync=1

3. Configure MYSQL

$ sudo vim /etc/ulogd.conf

plugin="/usr/lib/ulogd/ulogd_MYSQL.so"

[MYSQL]
table="ulog"
pass="ulog"
user="ulog"
db="ulogd"
host="localhost"


Create the database:

neo@master:~$ mysql -u root -p -A mysql
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.0.51a-3ubuntu5.1-log (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database ulogd;
Query OK, 1 row affected (0.07 sec)

mysql> grant all privileges on ulogd.* to ulog@localhost identified by 'ulog';
Query OK, 0 rows affected (0.09 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)

mysql> source /usr/share/doc/ulogd-mysql/mysql.table
Query OK, 0 rows affected (0.05 sec)

mysql> exit;
Bye
neo@master:~$

4. Iptables

iptables -A INPUT -p tcp --dport 80 -j ULOG
iptables -A FORWARD -j ULOG


5. Starting

$ sudo /etc/init.d/ulogd start

6. Testing

logemu:

neo@master:~$ tail -f /var/log/ulog/syslogemu.log
Oct 20 12:54:07 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=40 TOS=00 PREC=0x00 TTL=128 ID=30048 DF PROTO=TCP SPT=2080 DPT=80 SEQ=1732529774 ACK=1543952440 WINDOW=64608 ACK URGP=0
Oct 20 12:54:22 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=40 TOS=00 PREC=0x00 TTL=128 ID=30294 DF PROTO=TCP SPT=2080 DPT=80 SEQ=1732529774 ACK=1543952441 WINDOW=64608 ACK URGP=0
Oct 20 12:54:32 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=40 TOS=00 PREC=0x00 TTL=128 ID=30481 DF PROTO=TCP SPT=2080 DPT=80 SEQ=1732529774 ACK=1543952441 WINDOW=64608 ACK FIN URGP=0
Oct 20 12:55:27 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=31444 DF PROTO=TCP SPT=2087 DPT=80 SEQ=866215326 ACK=0 WINDOW=65535 SYN URGP=0

mysql:

mysql> select count(*) from ulog;
+----------+
| count(*) |
+----------+
|        8 |
+----------+
1 row in set (0.03 sec)

mysql> select id, raw_mac from ulog;
+----+--------------------------------------------+
| id | raw_mac                                    |
+----+--------------------------------------------+
|  1 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  2 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  3 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  4 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  5 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  6 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  7 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  8 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
|  9 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00  |
+----+--------------------------------------------+
9 rows in set (0.00 sec)
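As an added example (not part of the original post or of ulogd itself): a small Python parser for the LOGEMU lines shown in the testing step, with a defender-side check that counts fresh SYNs per source and destination port, which is the kind of summary one would otherwise pull from the ulog table. The sample input is the four lines from the tail output above plus three constructed SYNs from a made-up host 192.168.245.50.

```python
import re
from collections import Counter

# Constructed sample in ulogd's LOGEMU (iptables LOG-style) format: the four lines
# from the tail output above plus three made-up SYNs from a second host.
SAMPLE_LOG = """\
Oct 20 12:54:07 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=40 TOS=00 PREC=0x00 TTL=128 ID=30048 DF PROTO=TCP SPT=2080 DPT=80 SEQ=1732529774 ACK=1543952440 WINDOW=64608 ACK URGP=0
Oct 20 12:54:22 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=40 TOS=00 PREC=0x00 TTL=128 ID=30294 DF PROTO=TCP SPT=2080 DPT=80 SEQ=1732529774 ACK=1543952441 WINDOW=64608 ACK URGP=0
Oct 20 12:54:32 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=40 TOS=00 PREC=0x00 TTL=128 ID=30481 DF PROTO=TCP SPT=2080 DPT=80 SEQ=1732529774 ACK=1543952441 WINDOW=64608 ACK FIN URGP=0
Oct 20 12:55:27 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 SRC=192.168.245.1 DST=192.168.245.129 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=31444 DF PROTO=TCP SPT=2087 DPT=80 SEQ=866215326 ACK=0 WINDOW=65535 SYN URGP=0
Oct 20 12:56:01 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:99:08:00 SRC=192.168.245.50 DST=192.168.245.129 LEN=48 TOS=00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=40001 DPT=80 SEQ=1 ACK=0 WINDOW=65535 SYN URGP=0
Oct 20 12:56:01 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:99:08:00 SRC=192.168.245.50 DST=192.168.245.129 LEN=48 TOS=00 PREC=0x00 TTL=64 ID=1002 DF PROTO=TCP SPT=40002 DPT=80 SEQ=2 ACK=0 WINDOW=65535 SYN URGP=0
Oct 20 12:56:02 master IN=eth0 OUT= MAC=00:0c:29:b0:6b:d0:00:50:56:c0:00:99:08:00 SRC=192.168.245.50 DST=192.168.245.129 LEN=48 TOS=00 PREC=0x00 TTL=64 ID=1003 DF PROTO=TCP SPT=40003 DPT=80 SEQ=3 ACK=0 WINDOW=65535 SYN URGP=0
"""

KV_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_logemu_line(line):
    """Split one LOGEMU line into syslog prefix, key=value fields and bare TCP
    flag tokens; returns None for lines that are not packet records."""
    prefix, sep, fields = line.partition(" IN=")
    if not sep:
        return None
    fields = "IN=" + fields
    rec = {"timestamp": prefix[:15], "host": prefix[16:]}
    rec.update(KV_RE.findall(fields))          # OUT= yields an empty string
    # "ACK" alone is the flag; "ACK=<n>" is the acknowledgement number field
    rec["flags"] = sorted(t for t in fields.split() if t in TCP_FLAGS)
    return rec

def syn_attempts(lines):
    """Count new connection attempts (SYN without ACK) per (SRC, DPT) pair."""
    counts = Counter()
    for line in lines:
        rec = parse_logemu_line(line)
        if rec and rec.get("PROTO") == "TCP" and rec["flags"] == ["SYN"]:
            counts[(rec["SRC"], rec["DPT"])] += 1
    return counts

def noisy_sources(lines, threshold=3):
    """Sources that opened at least `threshold` connections to a single port."""
    return sorted({src for (src, _dpt), n in syn_attempts(lines).items() if n >= threshold})

if __name__ == "__main__":
    for (src, dpt), n in sorted(syn_attempts(SAMPLE_LOG.splitlines()).items()):
        print(f"{src} -> port {dpt}: {n} SYN(s)")
    print("sources over threshold:", noisy_sources(SAMPLE_LOG.splitlines()))
```

Run it against `/var/log/ulog/syslogemu.log` by passing the file's lines to `syn_attempts`; the threshold is a starting point to tune per site, not a fixed rule.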