How to easily convert iptables-based rsyslog/logrotate configs to nflog/ulogd2?

Open johnnyutahh opened this issue 3 years ago • 2 comments

Summary

How can I easily convert iptables-based rsyslog + logrotate configurations to a firehol + nflog/ulog rig (per FireHOL's suggestion) on Ubuntu 20.04, without having to do lots of nflog/ulog research?

Details

A few years ago I wrote an iptables firewall bash script for many of our servers/vpn/etc and created corresponding rsyslog and logrotate configurations (to manage the large number of firewall-log entries for the publicly-exposed machines). My team has since migrated/converted said iptables script to firehol.conf (thank goodness) but have not yet "migrated" the corresponding iptables-based rsyslog and logrotate configurations on Ubuntu 20.04 to nflog/ulog per the firehol-project suggestion. I'm looking for an easy way to migrate the aforementioned rsyslog and logrotate configs without having to spend lots of research time (to figure this out).

eg: which ulogd2 files do I edit? Can I simply copy the above config-file content directly into ulogd2 /etc files? etc etc.

Yes, I realize I'm asking the FireHOL community about logging configurations. My reasoning:

  1. it's FireHOL's suggestion to move to nflog/ulog so there must be a good reason (for the firehol project to make this suggestion), and
  2. I've not yet found concise+easy docs to help guide me for this effort, and
  3. I do want to avoid hours of research time to find what I suspect is a relatively-easy answer that someone here at the firehol community already knows.
  4. (Yes, this might make me quite lazy. I'd like to argue pragmatically so. ;-) )

I'm also happy to adjust our firehol.conf to make easy(ier) accommodation(s) for our logging rig, migration from rsyslog/logrotate, etc.

For my team's reference: https://unix.stackexchange.com/questions/138135/whats-the-difference-between-ulog-and-nflog

johnnyutahh, May 03 '22 02:05

srsly - just check firehol+ulogd2 documentation and close this 'issue' .. .

fred0r, May 26 '22 06:05

> srsly - just check firehol+ulogd2 documentation and close this 'issue' .. .

And where is this found? https://firehol.org/firehol-manual/firehol-defaults-conf/ ? Somewhere else?

The following google search does not reveal much; the top of said result is this issue.

https://www.google.com/search?q=%22firehol%22+%22ulogd2%22

johnnyutahh, Nov 30 '22 23:11