I've encountered at least one bug in the syslog extension of ulogd, which I've patched below; the patch allows ulogd to read the [SYSLOG] section of /etc/ulogd.conf properly. I haven't been able to track down the rest of the bugs, however.

Reproducible: Always

Steps to Reproduce:
1. emerge =app-admin/ulogd-1.23-r2
2. Use the following config (/etc/ulogd.conf):

    # ulogd.conf
    [global]
    nlgroup=32
    logfile="syslog"
    loglevel=1
    rmem=131071
    bufsize=150000
    plugin="/usr/lib64/ulogd/ulogd_BASE.so"
    plugin="/usr/lib64/ulogd/ulogd_SYSLOG.so"
    [SYSLOG]
    level="LOG_INFO"
    facility="LOG_LOCAL7"

3. Replace any "-j LOG" targets in iptables with "--ulog-nlgroup 32 --ulog-prefix iptables --ulog-qthreshold 1".
4. Start ulogd.
5. Watch syslog.

Actual Results:
While ulogd is able to log status messages to syslog, the syslog extension never logs any blocked packets.

Expected Results:
ulogd should log packets blocked by iptables to syslog.
This is the patch I made to correct config parsing: --- extensions/ulogd_SYSLOG.c 2008-08-26 14:46:21.000000000 -0400 +++ extensions/ulogd_SYSLOG.c.new 2008-08-26 15:03:30.000000000 -0400 @@ -50,7 +50,7 @@ static config_entry_t level_ce = { .next = &facility_ce, .key = "level", - .type = CONFIG_TYPE_INT, + .type = CONFIG_TYPE_STRING, .options = CONFIG_OPT_NONE, .u = { .string = SYSLOG_LEVEL_DEFAULT } }; @@ -118,7 +118,7 @@ syslog_level = LOG_DEBUG; else { ulogd_log(ULOGD_FATAL, "unknown level '%s'\n", - facility_ce.u.string); + level_ce.u.string); exit(2); }
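Review bot: the first hunk changes `.type` for `level_ce` without saying why, and the reason is only visible by reading the context: the entry's initializer is `.u = { .string = SYSLOG_LEVEL_DEFAULT }` and the reported config sets `level="LOG_INFO"`, so the value is a string name, not an integer. Please state that in the patch description, and confirm that `facility_ce` (referenced by `.next` but not shown in this hunk) is declared with the matching type as well, since the report says packets are still not logged after this change.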
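Review bot: the second hunk's change to the `unknown level '%s'` message, from `facility_ce.u.string` to `level_ce.u.string`, is a separate copy-and-paste fix from the type change and should be mentioned on its own in the description (or split into its own patch) so it is not lost. Since this branch ends in `exit(2)`, the message is the only diagnostic an administrator gets for a mistyped level, so it is worth double-checking that the corresponding facility branch, which is not visible here, prints `facility_ce.u.string` rather than the level.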
Syslog support works in ulogd-1.24-r1, which also has security improvements (runs as non-root user) and is now unmasked. I'm going to hold off on tampering with the stable 1.23-r1 ebuild unless someone specifically clamors for syslog support in that version. Is that anything you care about, or would you just as soon upgrade to ulogd-1.24-r1 (assuming you're even still running ulogd on your Gentoo box, having reported this almost a year ago...)?
(In reply to comment #2)
> Syslog support works in ulogd-1.24-r1

I just tried it out, and it seems to work fine. They even fixed a few bugs it seems.

> Is that anything you care about, or would you just as
> soon upgrade to ulogd-1.24-r1 (assuming you're even still running ulogd on your
> gentoo box, having reported this almost a year ago...)

I'm still using it, and upgrading seems to work great. I still have two complaints, but they're not major:

1) The new config file does not include any reference to the SYSLOG module.
2) usr/share/doc/ulogd-1.24-r1/ulogd.txt.bz2 does not mention the ability to use a non-root user, though I guess this may be an upstream issue.

Thanks for the info!
Try 1.24-r2; it addresses point #1 and also adds a logrotate file (in case you also use logemu or pcap modules).