Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

nufw-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

From:	Vladimir Elizarov
Subject:	Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1
Date:	Tue, 19 May 2009 17:46:37 +0400
User-agent:	Thunderbird 2.0.0.21 (X11/20090409)

Glen Ogilvie wrote:
> ----- "Vladimir Elizarov" <address@hidden> wrote:
>   
>> Hello!
>> I'm install nulog 2.1.4-1 in debian lenny. Create databse, user.
>> Insert
>> dump sql nulog.pgsql.sql.
>> Get error in ulogd:
>>
>> Mon Apr  6 16:39:51 2009 <7> ulogd_PGSQL.c:216 sql error during
>> insert:
>> ERROR:  column "ip_daddr" is of type inet but expression is of type
>> bigint
>> LINE 1:
>> ...ck,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_daddr,i...
>>                                                              ^
>> HINT:  You will need to rewrite or cast the expression.
>>
>>     
>
> Hi,
>
> It sounds like ulogd will be logging the ip_daddr as a bigint, rather than an 
> IP address.  What it does
> is converts an IP address like 202.123.234.23 into decimal like: 3397118487.  
> I think this is because in mysql, the is no type for inet.  
>
> To undrestand conversions, this site is handy:
> http://www.allredroster.com/iptodec.htm
>
> So, to fix this, you either need ulogd to use a stored procedure for inserts 
> that converts it to the right type, or alter the ulog table and change the 
> column type for ip_daddr to bigint. you will probably need to change the 
> ip_saddr column too.
>
> I am assuming your using ulogd version 1, rather than 2?
>
> Regards
> Glen Ogilvie
>
>   
>> What fix?
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Nufw-users mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/nufw-users
>>     
with debug:
Starting netfilter userspace log daemon: Tue May 19 17:44:47 2009 <3>
ulogd.c:308 registering interpreter `raw'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `oob'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `ip'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `tcp'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `icmp'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `udp'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `ahesp'
Tue May 19 17:44:47 2009 <3> ulogd.c:363 registering output `pgsql'

gw0:/var/log/ulog# tail -f /var/log/ulog/ulogd.log
Tue May 19 17:43:30 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:43:32 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:44:45 2009 <5> ulogd.c:594 sigterm received, exiting
Tue May 19 17:44:47 2009 <3> ulogd.c:484 ulogd Version 1.23 starting
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:237 SELECT nspname FROM
pg_namespace n WHERE n.nspname='public'
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:246 using schema public
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:343 SELECT a.attname FROM
pg_attribute a, pg_class c LEFT JOIN pg_namespace n ON
c.relnamespace=n.oid WHERE c.relname ='ulog' AND n.nspname='public' AND
a.attnum>0 AND a.attrelid=c.oid AND a.attisdropped=FALSE ORDER BY a.attnum
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:283 allocating 4422 bytes for
statement
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:314 stmt='insert into
public.ulog
(ip_daddr,ip_saddr,ahesp_spi,icmp_fragmtu,icmp_gateway,icmp_echoseq,icmp_echoid,icmp_code,icmp_type,udp_len,udp_dport,udp_sport,tcp_urgp,tcp_window,tcp_fin,tcp_syn,tcp_rst,tcp_psh,tcp_ack,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_csum,ip_protocol,ip_ttl,ip_fragoff,ip_id,ip_totlen,ip_tos,ip_ihl,raw_pktlen,raw_mac,oob_out,oob_in,oob_mark,oob_time_usec,oob_time_sec,oob_prefix)
values ('
Tue May 19 17:44:47 2009 <3> ulogd.c:801 initialization finished,
entering main loop
[[ATue May 19 17:45:38 2009 <7> ulogd.c:812 ipulog_read == -1!
ipulog_errno == 6, errno = 105
Tue May 19 17:45:40 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:40 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:41 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:45 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:45 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:46 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:47 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:47 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:49 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:50 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:50 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1, Vladimir Elizarov, 2009/05/18
- Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1, Glen Ogilvie, 2009/05/18
  - Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1, Vladimir Elizarov, 2009/05/19
  - Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1, Vladimir Elizarov, 2009/05/19
  - Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1, Vladimir Elizarov <=
    - Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1, Glen Ogilvie, 2009/05/19

Prev by Date: Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1
Next by Date: Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1
Previous by thread: Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1
Next by thread: Re: [Nufw-users] nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1
Index(es):
- Date
- Thread