nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

Vladimir Elizarov
Hello!
I'm install nulog 2.1.4-1 in debian lenny. Create databse, user. Insert
dump sql nulog.pgsql.sql.
Get error in ulogd:

Mon Apr  6 16:39:51 2009 <7> ulogd_PGSQL.c:216 sql error during insert:
ERROR:  column "ip_daddr" is of type inet but expression is of type bigint
LINE 1: ...ck,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_daddr,i...
                                                             ^
HINT:  You will need to rewrite or cast the expression.

What fix?

Thanks.


_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users

signature.asc (268 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

Glen Ogilvie-2
----- "Vladimir Elizarov" <[hidden email]> wrote:

> Hello!
> I'm install nulog 2.1.4-1 in debian lenny. Create databse, user.
> Insert
> dump sql nulog.pgsql.sql.
> Get error in ulogd:
>
> Mon Apr  6 16:39:51 2009 <7> ulogd_PGSQL.c:216 sql error during
> insert:
> ERROR:  column "ip_daddr" is of type inet but expression is of type
> bigint
> LINE 1:
> ...ck,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_daddr,i...
>                                                              ^
> HINT:  You will need to rewrite or cast the expression.
>

Hi,

It sounds like ulogd will be logging the ip_daddr as a bigint, rather than an IP address.  What it does
is converts an IP address like 202.123.234.23 into decimal like: 3397118487.  I think this is because in mysql, the is no type for inet.  

To undrestand conversions, this site is handy:
http://www.allredroster.com/iptodec.htm

So, to fix this, you either need ulogd to use a stored procedure for inserts that converts it to the right type, or alter the ulog table and change the column type for ip_daddr to bigint. you will probably need to change the ip_saddr column too.

I am assuming your using ulogd version 1, rather than 2?

Regards
Glen Ogilvie

> What fix?
>
> Thanks.
>
>
> _______________________________________________
> Nufw-users mailing list
> [hidden email]
> http://lists.nongnu.org/mailman/listinfo/nufw-users


_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users
Reply | Threaded
Open this post in threaded view
|

Re: nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

Vladimir Elizarov
Glen Ogilvie wrote:

> ----- "Vladimir Elizarov" <[hidden email]> wrote:
>  
>> Hello!
>> I'm install nulog 2.1.4-1 in debian lenny. Create databse, user.
>> Insert
>> dump sql nulog.pgsql.sql.
>> Get error in ulogd:
>>
>> Mon Apr  6 16:39:51 2009 <7> ulogd_PGSQL.c:216 sql error during
>> insert:
>> ERROR:  column "ip_daddr" is of type inet but expression is of type
>> bigint
>> LINE 1:
>> ...ck,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_daddr,i...
>>                                                              ^
>> HINT:  You will need to rewrite or cast the expression.
>>
>>    
>
> Hi,
>
> It sounds like ulogd will be logging the ip_daddr as a bigint, rather than an IP address.  What it does
> is converts an IP address like 202.123.234.23 into decimal like: 3397118487.  I think this is because in mysql, the is no type for inet.  
>
> To undrestand conversions, this site is handy:
> http://www.allredroster.com/iptodec.htm
>
> So, to fix this, you either need ulogd to use a stored procedure for inserts that converts it to the right type, or alter the ulog table and change the column type for ip_daddr to bigint. you will probably need to change the ip_saddr column too.
>  
Ok. I'll try to change the type of column to bigint. I just started
working with pgsql. Can you suggest how to do it?
> I am assuming your using ulogd version 1, rather than 2?
>  
Yes, i using ulogd version 1.

Thanks for help.

> Regards
> Glen Ogilvie
>
>  
>> What fix?
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Nufw-users mailing list
>> [hidden email]
>> http://lists.nongnu.org/mailman/listinfo/nufw-users
>>    


_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users

signature.asc (268 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

Vladimir Elizarov
In reply to this post by Glen Ogilvie-2
Glen Ogilvie wrote:

> ----- "Vladimir Elizarov" <[hidden email]> wrote:
>  
>> Hello!
>> I'm install nulog 2.1.4-1 in debian lenny. Create databse, user.
>> Insert
>> dump sql nulog.pgsql.sql.
>> Get error in ulogd:
>>
>> Mon Apr  6 16:39:51 2009 <7> ulogd_PGSQL.c:216 sql error during
>> insert:
>> ERROR:  column "ip_daddr" is of type inet but expression is of type
>> bigint
>> LINE 1:
>> ...ck,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_daddr,i...
>>                                                              ^
>> HINT:  You will need to rewrite or cast the expression.
>>
>>    
>
> Hi,
>
> It sounds like ulogd will be logging the ip_daddr as a bigint, rather than an IP address.  What it does
> is converts an IP address like 202.123.234.23 into decimal like: 3397118487.  I think this is because in mysql, the is no type for inet.  
>
> To undrestand conversions, this site is handy:
> http://www.allredroster.com/iptodec.htm
>
> So, to fix this, you either need ulogd to use a stored procedure for inserts that converts it to the right type, or alter the ulog table and change the column type for ip_daddr to bigint. you will probably need to change the ip_saddr column too.
>  
I'm change type column. Get segfault ulogd:

Tue May 19 17:08:29 2009 <5> ulogd.c:594 sigterm received, exiting

> I am assuming your using ulogd version 1, rather than 2?
>
> Regards
> Glen Ogilvie
>
>  
>> What fix?
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Nufw-users mailing list
>> [hidden email]
>> http://lists.nongnu.org/mailman/listinfo/nufw-users
>>    


_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users

signature.asc (268 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

Vladimir Elizarov
In reply to this post by Glen Ogilvie-2
Glen Ogilvie wrote:

> ----- "Vladimir Elizarov" <[hidden email]> wrote:
>  
>> Hello!
>> I'm install nulog 2.1.4-1 in debian lenny. Create databse, user.
>> Insert
>> dump sql nulog.pgsql.sql.
>> Get error in ulogd:
>>
>> Mon Apr  6 16:39:51 2009 <7> ulogd_PGSQL.c:216 sql error during
>> insert:
>> ERROR:  column "ip_daddr" is of type inet but expression is of type
>> bigint
>> LINE 1:
>> ...ck,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_daddr,i...
>>                                                              ^
>> HINT:  You will need to rewrite or cast the expression.
>>
>>    
>
> Hi,
>
> It sounds like ulogd will be logging the ip_daddr as a bigint, rather than an IP address.  What it does
> is converts an IP address like 202.123.234.23 into decimal like: 3397118487.  I think this is because in mysql, the is no type for inet.  
>
> To undrestand conversions, this site is handy:
> http://www.allredroster.com/iptodec.htm
>
> So, to fix this, you either need ulogd to use a stored procedure for inserts that converts it to the right type, or alter the ulog table and change the column type for ip_daddr to bigint. you will probably need to change the ip_saddr column too.
>
> I am assuming your using ulogd version 1, rather than 2?
>
> Regards
> Glen Ogilvie
>
>  
>> What fix?
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Nufw-users mailing list
>> [hidden email]
>> http://lists.nongnu.org/mailman/listinfo/nufw-users
>>    
with debug:
Starting netfilter userspace log daemon: Tue May 19 17:44:47 2009 <3>
ulogd.c:308 registering interpreter `raw'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `oob'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `ip'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `tcp'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `icmp'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `udp'
Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `ahesp'
Tue May 19 17:44:47 2009 <3> ulogd.c:363 registering output `pgsql'

gw0:/var/log/ulog# tail -f /var/log/ulog/ulogd.log
Tue May 19 17:43:30 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:43:32 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:44:45 2009 <5> ulogd.c:594 sigterm received, exiting
Tue May 19 17:44:47 2009 <3> ulogd.c:484 ulogd Version 1.23 starting
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:237 SELECT nspname FROM
pg_namespace n WHERE n.nspname='public'
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:246 using schema public
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:343 SELECT a.attname FROM
pg_attribute a, pg_class c LEFT JOIN pg_namespace n ON
c.relnamespace=n.oid WHERE c.relname ='ulog' AND n.nspname='public' AND
a.attnum>0 AND a.attrelid=c.oid AND a.attisdropped=FALSE ORDER BY a.attnum
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:283 allocating 4422 bytes for
statement
Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:314 stmt='insert into
public.ulog
(ip_daddr,ip_saddr,ahesp_spi,icmp_fragmtu,icmp_gateway,icmp_echoseq,icmp_echoid,icmp_code,icmp_type,udp_len,udp_dport,udp_sport,tcp_urgp,tcp_window,tcp_fin,tcp_syn,tcp_rst,tcp_psh,tcp_ack,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tcp_sport,ip_csum,ip_protocol,ip_ttl,ip_fragoff,ip_id,ip_totlen,ip_tos,ip_ihl,raw_pktlen,raw_mac,oob_out,oob_in,oob_mark,oob_time_usec,oob_time_sec,oob_prefix)
values ('
Tue May 19 17:44:47 2009 <3> ulogd.c:801 initialization finished,
entering main loop
[[ATue May 19 17:45:38 2009 <7> ulogd.c:812 ipulog_read == -1!
ipulog_errno == 6, errno = 105
Tue May 19 17:45:40 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:40 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:41 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:45 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:45 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:46 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:47 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:47 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:49 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:50 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105
Tue May 19 17:45:50 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
== 6, errno = 105





_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users

signature.asc (268 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: nulog 2.1.4-1 + ulogd-pgsql 1.24-2.1

Glen Ogilvie-2
On Wednesday 20 May 2009 01:46:37 you wrote:

> with debug:
> Starting netfilter userspace log daemon: Tue May 19 17:44:47 2009 <3>
> ulogd.c:308 registering interpreter `raw'
> Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `oob'
> Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `ip'
> Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `tcp'
> Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `icmp'
> Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `udp'
> Tue May 19 17:44:47 2009 <3> ulogd.c:308 registering interpreter `ahesp'
> Tue May 19 17:44:47 2009 <3> ulogd.c:363 registering output `pgsql'
>
> gw0:/var/log/ulog# tail -f /var/log/ulog/ulogd.log
> Tue May 19 17:43:30 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
> == 6, errno = 105
> Tue May 19 17:43:32 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
> == 6, errno = 105
> Tue May 19 17:44:45 2009 <5> ulogd.c:594 sigterm received, exiting
> Tue May 19 17:44:47 2009 <3> ulogd.c:484 ulogd Version 1.23 starting
> Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:237 SELECT nspname FROM
> pg_namespace n WHERE n.nspname='public'
> Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:246 using schema public
> Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:343 SELECT a.attname FROM
> pg_attribute a, pg_class c LEFT JOIN pg_namespace n ON
> c.relnamespace=n.oid WHERE c.relname ='ulog' AND n.nspname='public' AND
> a.attnum>0 AND a.attrelid=c.oid AND a.attisdropped=FALSE ORDER BY a.attnum
> Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:283 allocating 4422 bytes for
> statement
> Tue May 19 17:44:47 2009 <1> ulogd_PGSQL.c:314 stmt='insert into
> public.ulog
> (ip_daddr,ip_saddr,ahesp_spi,icmp_fragmtu,icmp_gateway,icmp_echoseq,icmp_ec
>hoid,icmp_code,icmp_type,udp_len,udp_dport,udp_sport,tcp_urgp,tcp_window,tcp
>_fin,tcp_syn,tcp_rst,tcp_psh,tcp_ack,tcp_urg,tcp_ackseq,tcp_seq,tcp_dport,tc
>p_sport,ip_csum,ip_protocol,ip_ttl,ip_fragoff,ip_id,ip_totlen,ip_tos,ip_ihl,
>raw_pktlen,raw_mac,oob_out,oob_in,oob_mark,oob_time_usec,oob_time_sec,oob_pr
>efix) values ('
> Tue May 19 17:44:47 2009 <3> ulogd.c:801 initialization finished,
> entering main loop
> [[ATue May 19 17:45:38 2009 <7> ulogd.c:812 ipulog_read == -1!
> ipulog_errno == 6, errno = 105
> Tue May 19 17:45:40 2009 <7> ulogd.c:812 ipulog_read == -1! ipulog_errno
> == 6, errno = 105


If you disable the pgsql output filter, and just use the syslog output plugin,
does the error go away?    I think this error might not be related to pgsql,
but to some kernel settings.

See:
http://markmail.org/message/3gt5egpublaspp4h

Can someone from INL please have a look at the thread I have found and
Vladimir's problem?

Regards
--
Glen Ogilvie
Open Systems Specialists
Level 1, 162 Grafton Road
http://www.oss.co.nz/

Ph: +64 9 984 3000
Mobile: +64 21 684 146
GPG Key: ACED9C17


_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users