[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: ulogd extension
From:       Fred Leeflang <fredl () dutchie ! org>
Date:       2009-10-30 23:11:05
Message-ID: 30defc5b0910301611i1cbd6993h2846a5b7167f023b () mail ! gmail ! com
[Download RAW message or body]

2009/10/30 Pierre Chifflier <chifflier@inl.fr>:
> On Fri, Oct 30, 2009 at 09:17:26PM +0100, Fred Leeflang wrote:
>> Hi,
>>
>> For vuurmuur I would like to write an ulogd extension that writes out
>> a log somewhat comparable to syslog. Currently vuurmuur parses syslog
>> line generated with the LOG target, we are considering changing this
>> to having ulogd do this for us through the ULOG target and said
>> extension. What's the best way to go about doing this to keep the
>> extension maintainable?
>>
>
> Hi Fred,
>
> Have you looked at the SYSLOG or LOGEMU output plugins ? Writing a
> similar plugin should be fairly easy.
> Writing external plugins is not supported. It's very easy, yet Pablo
> prefers [1] to keep things in mainline when possible, which is of course
> a good thing [2].
>
> Pierre
>
> [1] http://marc.info/?t=123996560400005&r=1&w=2
> [2] external plugins would require us to create, document, and
> maintain a stable API, for ex. Not that it can't be done, but I'm not
> sure it was part of the original plans :)
>



Hi Pierre,

Yes I was looking at those although I looked at the ulogd 1 source and
only very briefly at ulogd 2, looking at those actually gave somebody
else in #vuurmuur the idea to check into this way. It's far easier for
us to make such an extension and require ulogd to run and parse
packets for us than it is to parse a syslog text file. So if I were to
write an extension that would do what we want it to do, could that
extension be part of the builltin extensions of ulogd[1|2] ? I'm more
than happy to hack something together and let the list have a look at
it.

-Fred
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]