ulogd2-mysql patch for NFCT


It seems the ulogd2-mysql table schema is outdated; it has not been updated even in the git repo (but the pgsql one has … WTH!). As a result, conntrack events are not logged to the database because the ct_event fields are missing.

So here is the [patch version], already submitted upstream and waiting for an update.

In real-world use, logging conntrack events to a database is not really a good solution because it grows very (very (very)) fast.
By default ulogd uses hashing, so it only inserts a connection in the DESTROYED state unless you want it to log every event.

If you log all events, it is hard to know when a connection starts and ends because the NEW and DESTROY events are logged separately.
Matching them requires the connection ID, which is not unique after a system restart.
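The pairing problem described above, as an added example that is not part of the original post or of ulogd2: it pairs NEW and DESTROY events by connection ID and checks the flow tuple so that an ID reused after a restart is not joined to the wrong flow. The `Event` fields and the sample rows are hypothetical and constructed; they are not the ulogd2 column names.

```python
from collections import namedtuple

# Hypothetical event record (assumed fields, not the ulogd2 table columns).
Event = namedtuple("Event", "ts kind ct_id tuple5")

def pair_flows(events):
    """Pair NEW/DESTROY events into flows.

    Returns (flows, orphans): flows are (ct_id, tuple5, start_ts, end_ts);
    orphans are events that could not be paired safely.
    """
    open_by_id = {}  # ct_id -> NEW event still waiting for its DESTROY
    flows, orphans = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        pending = open_by_id.get(ev.ct_id)
        if ev.kind == "NEW":
            if pending is not None:
                # Same ID seen again before a DESTROY: the ID was reused
                # (e.g. after a restart), so the older NEW never gets an end.
                orphans.append(pending)
            open_by_id[ev.ct_id] = ev
        elif ev.kind == "DESTROY":
            if pending is not None and pending.tuple5 == ev.tuple5:
                flows.append((ev.ct_id, ev.tuple5, pending.ts, ev.ts))
                del open_by_id[ev.ct_id]
            else:
                # No NEW for this ID, or the ID belongs to a different flow.
                orphans.append(ev)
    orphans.extend(open_by_id.values())  # still open at the end of the log
    return flows, orphans

# Constructed sample: ID 9 is handed out again after a restart at ts ~150.
T1 = ("tcp", "192.0.2.10", 40000, "198.51.100.5", 443)
T2 = ("udp", "192.0.2.11", 5353, "198.51.100.9", 53)
T3 = ("tcp", "192.0.2.12", 40100, "198.51.100.7", 22)
SAMPLE = [
    Event(100, "NEW", 7, T1),
    Event(130, "DESTROY", 7, T1),
    Event(140, "NEW", 9, T3),      # its DESTROY was lost with the restart
    Event(200, "NEW", 9, T2),      # ID 9 reused for a different flow
    Event(215, "DESTROY", 9, T2),
]

if __name__ == "__main__":
    print(pair_flows(SAMPLE))
```

A plain join on the connection ID alone would pair the NEW at ts 140 with the DESTROY at ts 215; the tuple check and the reuse handling keep that row as an orphan instead.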

And if you only need logging, not analysis, keep the default hashing on (log only the DESTROY event) and just DROP ALL INDEXES.
They slow things down and consume quite a lot of valuable disk space.

So I have some projects of my own to implement real-time selective accounting of conntrack flows, which can also do hashing
as well as logging, statistics, etc. (for … interface with SNMP). The idea was to use libnfconntrack and netlink. But I need to find good Perl bindings first.

There is also NET::Netfilter::Netflow in Perl, which directly uses conntrack-tools for conntrack events to export NetFlow v5 to a NetFlow collector, but it lacks IPv6 support.

Why an outdated language like Perl? … It is fast and works well for parsing things!
