cloud
Category: LINUX
2009-05-01 14:49:51
Environment: centos5.2
Install ulogd
svn co
cd ulogd
autoconf
./configure --with-mysql
make && make install
cp ulogd.init /etc/init.d/ulogd
cp ulogd.logrotate /etc/logrotate.d/ulogd
cp ulogd.8 /usr/local/share/man/man8
vi /etc/init.d/ulogd
daemon /usr/local/sbin/ulogd -d
vi /usr/local/etc/ulogd.conf
#plugin="/usr/local/lib/ulogd/ulogd_LOGEMU.so"
plugin="/usr/local/lib/ulogd/ulogd_MYSQL.so"
[MYSQL]
table="ulog"
pass="ulog"
user="ulog"
db="ulog"
host="localhost"
Test run: ulogd. If no messages appear and /var/log/ulogd.log contains no error messages, everything is working.
If you get undefined symbol: mysql_real_escape_string
vi Rules.make
Find the line MYSQL_CFLAGS=... and append -DOLD_MYSQL at the end of that line
make clean && make && make install
If you get undefined symbol: mysql_init
vi Rules.make
Find the line MYSQL_LDFLAGS=$(LDFLAGS)... and append -umysql_init at the end of that line
make clean && make && make install
chkconfig --add ulogd
service ulogd start
Install nulog
svn co nulog
cd nulog
mysql -u root -p -A mysql
mysql> create database ulog;
mysql> grant all privileges on ulog.* to ulog@localhost identified by 'ulog';
mysql> flush privileges;
mysql> exit
mysql -u root -p -A ulog < scripts/ulogd.mysqldump
vi Makefile
WEBDIR="var/www/html/nulog"
make install
chmod -x `find /var/www/html/nulog -type f`
cd /var/www/html/nulog
cp config.template.php config.php
vi include/config.php
$lang="en";
$nufw_enabled="no";
$netfilter_log_drop=0;
$url_base="";
$machine="YOUR_HOSTNAME";
$db_host="localhost";
$db_ulog="ulog";
$db_user="ulog";
$db_pwd="ulog";
vi index.php
$state=1;
vi host.php
/*
$host=ip2long(...
if ($host<0)
$host=$host+...
*/
$host=ip2sql($host);
Change it to:
$host=ip2long(...
if ($host<0)
$host=$host+...
//$host=ip2sql($host);
Usage examples
1. Log connections to local tcp port 80 (http)
iptables -A INPUT -p tcp --dport 80 -j ULOG
2. Log LAN users' outbound internet connections (this host acts as the NAT gateway)
iptables -A FORWARD -j ULOG
3. Log connections to a blocked port (this host acts as the NAT gateway)
iptables -N BAN_SSH
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 22 -j BAN_SSH
iptables -A BAN_SSH -j ULOG
iptables -A BAN_SSH -j DROP
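The host.php patch above works around PHP's ip2long() returning a signed 32-bit value on 32-bit builds, so any address at or above 128.0.0.0 comes back negative and no longer matches the unsigned integers ulogd writes to the ulog table. The following added example (not code from this post or from nulog/ulogd) reproduces that conversion in Python, applies the same fix, and then summarizes constructed rows of the kind the BAN_SSH rule would produce; the column names ip_saddr, ip_daddr, tcp_dport and oob_time_sec are assumed from the ulogd MySQL schema.

```python
import socket
import struct

def php_ip2long_32bit(ip: str) -> int:
    """Emulate PHP ip2long() on a 32-bit build: the result is a signed
    32-bit int, so e.g. 192.168.1.10 comes back negative."""
    return struct.unpack("!i", socket.inet_aton(ip))[0]

def ip_to_ulog_key(ip: str) -> int:
    """Normalize to the unsigned value stored in the ulog table
    (assumed schema: ip_saddr / ip_daddr are INT UNSIGNED)."""
    host = php_ip2long_32bit(ip)
    if host < 0:
        host += 2 ** 32          # the same fix the post applies in host.php
    return host

def ulog_key_to_ip(key: int) -> str:
    """Reverse of ip_to_ulog_key, for rendering report output."""
    return socket.inet_ntoa(struct.pack("!I", key))

def host_query(ip: str):
    """Parameterized query for one host's traffic; values go in as
    parameters rather than being spliced into the SQL string."""
    key = ip_to_ulog_key(ip)
    sql = ("SELECT oob_time_sec, ip_saddr, ip_daddr, tcp_dport FROM ulog "
           "WHERE ip_saddr = %s OR ip_daddr = %s ORDER BY oob_time_sec DESC")
    return sql, (key, key)

def blocked_attempts_by_source(rows, dport=22):
    """Count rows per source IP for a given destination port, e.g. the
    hits logged by the BAN_SSH chain before they are dropped."""
    counts = {}
    for row in rows:
        if row["tcp_dport"] != dport:
            continue
        src = ulog_key_to_ip(row["ip_saddr"])
        counts[src] = counts.get(src, 0) + 1
    return counts

# Constructed sample rows, shaped like the assumed ulog table (not real data).
SAMPLE_ROWS = [
    {"oob_time_sec": 1241160000, "ip_saddr": ip_to_ulog_key("192.168.1.10"),
     "ip_daddr": ip_to_ulog_key("203.0.113.5"), "tcp_dport": 22},
    {"oob_time_sec": 1241160005, "ip_saddr": ip_to_ulog_key("192.168.1.10"),
     "ip_daddr": ip_to_ulog_key("203.0.113.6"), "tcp_dport": 22},
    {"oob_time_sec": 1241160009, "ip_saddr": ip_to_ulog_key("192.168.1.20"),
     "ip_daddr": ip_to_ulog_key("203.0.113.5"), "tcp_dport": 80},
]

if __name__ == "__main__":
    print(host_query("192.168.1.10"))
    print(blocked_attempts_by_source(SAMPLE_ROWS))
```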
References
Related pages
Appendix: Problems and fixes
Problem 1:
Problem 2: