Здравствуйте. Подскажите, может кто сталкивался. ОС Centos 7, установлен ulog-2.0.5, в iptables правила прописаны. В таблицу ulog2 статистика записывается, но поля IP_SADDR и IP_DADDR не заполнены. Если переделать конфиг ulog для записи в файл, то там видны IP адреса.Конфиг:
[global]
######################################################################
# GLOBAL OPTIONS
######################################################################
# logfile for status messages
logfile="/var/log/ulogd/ulogd.log"
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
# loglevel=1
######################################################################
# PLUGIN OPTIONS
######################################################################
# We have to configure and load all the plugins we want to use
# general rules:
# 1. load the plugins _first_ from the global section
# 2. options for each plugin in seperate section below
plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so"
plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so"
plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so"
plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so"
plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so"
plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so"
plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so"
plugin="/usr/lib64/ulogd/ulogd_output_XML.so"
plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so"
plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so"
plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so"
# this is a stack for logging packet to MySQL
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
[mysql1]
db="nflog"
host="127.0.0.1"
user="nflog"
table="ulog"
pass="123123123"
port="64009"
group=0
procedure="INSERT_PACKET_FULL"
# backlog configuration:
# set backlog_memcap to the size of memory that will be
# allocated to store events in memory if data is temporary down
# and insert them when the database came back.
backlog_memcap=1000000
# number of events to insert at once when backlog is not empty
backlog_oneshot_requests=10
Вариант для распечатки
(ok), 21-Июл-21, 16:30 
