[prev in list] [next in list] [prev in thread] [next in thread]
List: ulogd
Subject: [ulogd] Re: New offers for an ULOG module.
From: Ben La Monica <ben.lamonica () gmail ! com>
Date: 2005-02-17 10:58:20
Message-ID: 7174b1e40502170258205ccf8d () mail ! gmail ! com
[Download RAW message or body]
On Thu, 17 Feb 2005 13:08:18 +0500, serjio <serjio@tajik.net> wrote:
> I had a some problems with using ULOG module. You can found a
> description of them in my post at last month at
> http://lists.gnumonks.org/pipermail/ulogd/2005-January/000687.html
> In shortly there were troubles with data transmissions between ULOG
> module and ULOGD daemon
> program. I also was worried by repeteadly messages like "ipt_ULOG: can't
> alloc whole buffer"
> from my ULOG module. Due to this I was unable to check my network
> traffic for 100%.
I just ran a test at 10Mbs (forced my network card to 10 Mbs for the
same test that I ran at http://www.pojo.us/ulogd/index.html) and it
didn't lose a single packet.
Here are the packet results:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
143607 201811616 ULOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:5001 ULOG copy_range 64 nlgroup 1
queue_threshold 50
Total number of records in db:
143607
What are the arguments that you are specifying in iptables? You don't
need to copy the entire packet if all you want it the header
information (destination and source ip, port, mac, etc).
If you haven't limited the amount to copy to ulogd, try to add these settings
(ie: iptables <some chain, some rule> -j ULOG --ulog-cprange 64
--ulog-qthreshold 50)
This tells ULOG to only copy the first 64 bytes out of the packet to
userspace, and to queue the packets until you have 50 of them (saving
on overhead).
Give that a try and see if you get better results.
-Ben La Monica
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic