[pve-devel] applied: [PATCH v4 firewall 0/2] firewall conntrack logging
Alexandre DERUMIER
aderumier at odiso.com
Thu Dec 13 15:58:51 CET 2018
Thanks you very much !
Just tested, works fine.
If somebody is interested, I have build logstash parser + elastic template + kibana dashboards
----- Mail original -----
De: "Wolfgang Bumiller" <w.bumiller at proxmox.com>
À: "David Limbeck" <d.limbeck at proxmox.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Jeudi 13 Décembre 2018 14:34:32
Objet: [pve-devel] applied: [PATCH v4 firewall 0/2] firewall conntrack logging
applied
On Thu, Dec 13, 2018 at 01:08:50PM +0100, David Limbeck wrote:
> Adds optional conntrack logging. pvefw-logger is restarted whenever the
> config changes.
>
> To enable conntrack logging set 'log_nf_conntrack: 1' in
> /etc/pve/nodes/{node}/host.fw
> To enable timestamps (start and end time in [DESTROY] messages) set
> /proc/sys/net/netfilter/nf_conntrack_timestamp to 1
>
> v3 ->v4:
> fixed cover letter version
> fixed check for ENOENT
>
> v2->v3:
> incorporated Wolfgang's suggestions
> pvefw-logger:
> - file path as DEFINE
> - check for ENOENT
> - conntrack: everything other than '1' is false
>
> Firewall.pm:
> - changed command to 'try-reload-or-restart'
> - separated parts of command
> - brace placement
>
> David Limbeck (2):
> add conntrack logging via libnetfilter_conntrack
> add log_nf_conntrack host firewall option
>
> debian/control | 1 +
> src/Makefile | 2 +-
> src/PVE/Firewall.pm | 20 +++++++++++++-
> src/pvefw-logger.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 98 insertions(+), 2 deletions(-)
>
> --
> 2.11.0
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list