Recently I started looking into nftables since it's going to be iptables' successor. While doing so I came across some logging difficulties, such as maintaining separate log files for different services, and while syslog isn't really up for the task (unless I missed something), the nftables wiki suggested ulogd, so I decided to give it a try. But maybe there are better solutions like rsyslog or syslog-ng. What would you suggest?
So the first thing I noticed is that ulogd, while it's marked as executable, doesn't start at boot time. So the solution is either an rc.local or rc.M edit. But my question is, is there a conflict of interest between syslog and ulogd, since ulogd doesn't start at boot time and when I start it I get this message in the logs:
ulogd_inppkt_NFLOG.c:501 forcing unbind of existing log handler for protocol 2
ulogd_inppkt_NFLOG.c:501 forcing unbind of existing log handler for protocol 10
ulogd_inppkt_NFLOG.c:501 forcing unbind of existing log handler for protocol 7
which leads me to another question.
Can both of them work at the same time without interfering with each other, and if so, what would the config file for ulog look like? Docs on this are really scarce.
Also, what is the significance of the file below? I'm guessing they're populated at system boot, but what populates them, why were only protocols 2, 7 and 10 unbound from nf_log_*, and what are the rest of them for?
0 NONE (nfnetlink_log)
1 NONE (nfnetlink_log)
2 nfnetlink_log (nf_log_ipv4,nfnetlink_log)
3 nf_log_arp (nf_log_arp,nfnetlink_log)
4 NONE (nfnetlink_log)
5 nf_log_netdev (nf_log_netdev,nfnetlink_log)
6 NONE (nfnetlink_log)
7 nfnetlink_log (nf_log_bridge,nfnetlink_log)
8 NONE (nfnetlink_log)
9 NONE (nfnetlink_log)
10 nfnetlink_log (nf_log_ipv6,nfnetlink_log)
11 NONE (nfnetlink_log)
12 NONE (nfnetlink_log)
Thx