架设ulog系统

leit

環境: centos5.2
安裝 ulogd
svn co https://svn.netfilter.org/netfilter/trunk/ulog/ulogd/
cd ulogd
autoconf
./configure --with-mysql
make && make install
cp ulogd.init /etc/init.d/ulogd
cp ulogd.logrotate /etc/logrotate.d/ulogd
cp ulogd.8 /usr/local/share/man/man8
vi /etc/init.d/ulogd
daemon /usr/local/sbin/ulogd -d
vi /usr/local/etc/ulogd.conf
#plugin="/usr/local/lib/ulogd/ulogd_LOGEMU.so"
plugin="/usr/local/lib/ulogd/ulogd_MYSQL.so"
[MYSQL]
table="ulog"
pass="ulog"
user="ulog"
db="ulog"
host="localhost"
試運行: ulogd, 若沒有出現任何訊息, 且 /var/log/ulogd.log 也沒有錯誤訊息, 表示一切正常
若發生 undefined symbol: mysql_real_escape_string
vi Rules.make
找到 MYSQL_CFLAGS=... 於該行最後加上 -DOLD_MYSQL
make clean && make && make install
若發生 undefined symbol: mysql_init
vi Rules.make
找到 MYSQL_LDFLAGS=$(LDFLAGS)... 於該行最後加上 -umysql_init
make clean && make && make install
chkconfig --add ulogd
service ulogd start
安裝 nulog
svn co http://software.inl.fr/svn/mirror/edenwall/nulog/trunk/ nulog
cd nulog
mysql -u root -p -A mysql
mysql> create database ulog;
mysql> grant all privileges on ulog.* to ulog@localhost identified by 'ulog';
mysql> flush privileges;
mysql> exit
mysql -u root -p -A ulog
WEBDIR="var/www/html/nulog"
make install
chmod -x `find /var/www/html/nulog -type f`
cd /var/www/html/nulog
cp config.template.php config.php
vi include/config.php
$lang="en";
$nufw_enabled="no";
$netfilter_log_drop=0;
$url_base="http://your.host/nulog/";
$machine="YOUR_HOSTNAME";
$db_host="localhost";
$db_ulog="ulog";
$db_user="ulog";
$db_pwd="ulog";
vi index.php
$state=1;
vi host.php
/*
$host=ip2long(...
if ($host
應用實例
1. 本機 tcp 80 port (http) 連線記錄
iptables -A INPUT -p tcp --dport 80 -j ULOG
2. LAN User 上網連線記錄 (本機角色為 NAT)
iptables -A FORWARD -j ULOG
3. 封鎖埠口的連線記錄 (本機角色為 NAT)
iptables -N BAN_SSH
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 22 -j BAN_SSH
iptables -A BAN_SSH -j ULOG
iptables -A BAN_SSH -j DROP
參考資料

• 
  FC6 中的 iptables + ulogd + nulog
  

相關網頁

• 
  netfilter/iptables project homepage -- The netfilter.org "ulogd" project
  
  
• 
  INL software -- EdenWall/NuLog
  
  
• 
  IptablesWeb
  
  
• 
  Jamyy's Weblog -- Bandwidth Monitoring Tools For Linux
  

附錄: 狀況與排除
狀況1:

• MySQL: v5.0.45 (by source installation, prefix=/usr/local/mysql)
  
• 執行 ulogd 時發生: ulogd_MYSQL.c:409 can't establish database connection
  
• 解決方法:
  
  
  
  • 編輯 Rules.make, 找到 MYSQL_CFLAGS=... 去除 -DOLD_MYSQL, 並重新 make clean && make && make install (非必要)
    
  • 編輯 ulogd.conf, 將 [MYSQL] 的 host="localhost" 改成 host="127.0.0.1"

狀況2:

• MySQL: v4.1.22 (by rpm installation, MySQL-*-4.1.22-0.glibc23.rpm)
  
• 執行 ulogd 時發生: undefined symbol: mysql_real_escape_string
  
• 解決方法:
  
  
  
  • 編輯 Rules.make, 找到 MYSQL_LDFLAGS=$(LDFLAGS)... 於該行最後加上 -umysql_init
    
  • 執行 make clean && make && make install 即可

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/89213/showart_1915826.html