diff options
Diffstat (limited to 'ulogd/README')
-rw-r--r-- | ulogd/README | 97 |
1 files changed, 0 insertions, 97 deletions
diff --git a/ulogd/README b/ulogd/README deleted file mode 100644 index 3510007..0000000 --- a/ulogd/README +++ /dev/null @@ -1,97 +0,0 @@ -Userspace logging facility for iptables / linux 2.4 -$Id: README,v 1.7 2002/04/16 12:44:41 laforge Exp $ - -Project Homepage: http://www.gnumonks.org/projects/ulogd -Mailinglist: http://lists.gnumonks.org/mailman/listinfo/ulogd/ - -This is just a short README, pleaes see the more extensive documentation -in the doc/ subdirectory. - -===> IDEA - -This packages is intended for passing packets from the kernel to userspace -to do some logging there. It should work like that: - -- Register a target called ULOG with iptables -- if the target is hit: - - send the packet out using netlink multicast facility - - return NF_CONTINUE immediately - -New with ipt_ULOG 0.8 we can accumulate packets in userspace and send -them in small batches (1-50) to userspace. This reduces the amount of -expensive context switches. - -More than one logging daemon may listen to the netlink multicast address. - -===> CONTENTS - -= Ulog library (libipulog.a) -Just a little library like libipq.a which provides a convenient way to -write userspace logging daemons. The functions provided are described -in the source code, a small demo program (ulog_test) is also included. - -= ulogd daemon (ulogd) -A sophisticated logging daemon which uses libipulog. The daemon provides -an easy to use plugin interface to write additional packet interpreters and -output targets. Example plugins (interpreter: ip, tcp, icmp output: simple -logging to a file) are included. - -= documentation (doc) -A quite verbose documentation of this package and it's configuration exists, -please actually make use of it and read it :) - -===> USAGE - -The kernel part of the userspace logging facility (ipt_ULOG.o) is included -in kernels >= 2.4.18-pre8. If you are running older kernel versions, you MUST -install the ulog-patch from netfilter patch-o-matic FIRST !! - -Please go to the netfilter homepage (http://www.netfilter.org/) -and download the latest iptables package. There is a system called -patch-o-matic, which manages recent netfilter development, which has -not been included in the stock kernel yet. - -Just apply the ulog-patch from patch-o-matic (there is some documentation -included in the iptables package how to use patch-o-matic). - -Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in -the netfilter subsection of the network options. - -Then recompile the kernel or just recompile the netfilter modules using 'make -modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using -'make modules_install' - -It is also a good idea to recompile and re-install the iptables package, -if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or -/usr/lib/iptables - -Now You are ready to go. You may now insert logging rules to every chain. -To see the full syntax, type 'iptables -j ULOG -h' - -===> EXAMPLES - -At first a simple example, which passes every outgoing packet to the -userspace logging, using netlink multicast group 3. - -iptables -A OUTPUT -j ULOG --ulog-nlgroup 3 - -A more advanced one, passing all incoming tcp packets with destination -port 80 to the userspace logging daemon listening on netlink multicast -group 32. All packets get tagged with the ulog prefix "inp" - -iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp - -Since version 0.2, I added another parameter (--ulog-cprange). -Using this parameter You are able to specify how much octets of the -packet should be copied from the kernel to userspace. -Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0 - -===> COPYRIGHT + CREDITS - -The code is (C) 2000-2003 by Harald Welte <laforge@gnumonks.org> - -Thanks also to the valuable Contributions of Daniel Stone, Alexander -Janssen and Michael Stolovitzsky. - -Credits to Rusty Russel, James Morris, Marc Boucher and all the other -netfilter hackers. |