[Bug 977] ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol

Sat Nov 22 03:58:19 CET 2014

https://bugzilla.netfilter.org/show_bug.cgi?id=977

Netbug <b1b30ee4 at opayq.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #27 from Netbug <b1b30ee4 at opayq.com> ---
Hi Eric,

The logging was my mistake, I truly apologize...

I read this regarding NFLOG and the group;

```````````````````````

Shorewall

4) Support for the NFLOG log target has been added. NFLOG is a
successor to ULOG. In addition, both ULOG and NFLOG may be followed
by a list of up to three numbers in parentheses.

The first number specifies the netlink group (1-32). If omitted
(e.g., NFLOG(,0,10)) then a value of 1 is assumed.

The second number specifies the maximum number of bytes to copy. If
omitted, 0 (no limit) is assumed.

The third number specifies the number of log messages that should
be buffered in the kernel before they are sent to user space. The
default is 1.

Examples:

/etc/shorewall/shorewall.conf:

MACLIST_LOG_LEVEL=NFLOG(1,0,1)

So I now added in to my shorewall NFLOG(1,0,1), which if I'm understanding this
correct, the first 1 gives me group 1 which I believe is what you said I need.
And now with this setting I'm seeing logging... :)

In ulog.conf I'm using;

stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

But I noticed I was still getting these messages;

ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 2
ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 7
ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 10

And I noticed that if I commentd out #bind=1 under [log2] then these messages
don't appear;

```````````````````````

[log2]
# netlink multicast group (the same as the iptables --nflog-group param)
group=1 # Group has to be different from the one use in log1
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
# group 0 is not used by any stack, you need to have at least one NFLOG
# input plugin with bind set to 1. If you don't do that you may not
# receive any message from the kernel.
#bind=1

```````````````````````
Then now with the #bind=1 commented the ulog.log is clean; /var/log/ulogd.log;
and as I mentioned, I'm still getting logging to work...

Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `NFLOG'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `NFCT'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `IFINDEX'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `IP2STR'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `IP2BIN'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `PRINTPKT'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `HWHDR'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `PRINTFLOW'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `LOGEMU'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `SYSLOG'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `XML'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `GPRINT'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `BASE'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `NFACCT'
Fri Nov 21 16:45:42 2014 <5> ulogd.c:375 registering plugin `GRAPHITE'

So I thought you mentioned I need to have bind=1 uncommented? But it creates
these messags, so maybe there's still something going on here, and not a user
error at this point?

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20141122/d7f1dd1f/attachment-0001.html>