====== Firewall Management ======

===== Home Network Traffic Monitoring =====

==== Installation ====

  # opkg update && opkg install ulogd ulogd-mod-nfacct ulogd-mod-nfct ulogd-mod-nflog ulogd-mod-xml ulogd-mod-syslog ulogd-mod-extra syslog-ng
  Downloading https://fw.gl-inet.com/releases/kmod-3.2/ar71xx/nand/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_core
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/sync_kmod-3.2/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_sync
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/base/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_base
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/gli_pub/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_gli_pub
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_packages
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/luci/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_luci
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/routing/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_routing
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/telephony/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_telephony
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/glinet/Packages.gz
  Updated list of available packages in /var/opkg-lists/glinet_glinet
  Installing ulogd (2.0.5-2) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd_2.0.5-2_mips_24kc.ipk
  Installing ulogd-mod-nfacct (2.0.5-2) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-nfacct_2.0.5-2_mips_24kc.ipk
  Installing ulogd-mod-nfct (2.0.5-2) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-nfct_2.0.5-2_mips_24kc.ipk
  Installing ulogd-mod-nflog (2.0.5-2) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-nflog_2.0.5-2_mips_24kc.ipk
  Installing ulogd-mod-xml (2.0.5-2) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-xml_2.0.5-2_mips_24kc.ipk
  Installing ulogd-mod-syslog (2.0.5-2) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-syslog_2.0.5-2_mips_24kc.ipk
  Installing ulogd-mod-extra (2.0.5-2) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-extra_2.0.5-2_mips_24kc.ipk
  Installing syslog-ng (3.9.1-3) to root...
  Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/syslog-ng_3.9.1-3_mips_24kc.ipk
  Configuring syslog-ng.
  Configuring ulogd.
  Configuring ulogd-mod-extra.
  Configuring ulogd-mod-nfct.
  Configuring ulogd-mod-syslog.
  Configuring ulogd-mod-xml.
  Configuring ulogd-mod-nfacct.
  Configuring ulogd-mod-nflog.

==== Verifying syslog-ng ====

  # cat /var/log/messages
  Feb 26 05:48:04 TomoyanWRT-GL syslog-ng[7403]: syslog-ng starting up; version='3.9.1'

==== Configuring ulogd ====

  # vi /etc/ulogd.conf

  # this is a stack for flow-based logging via LOGEMU
  #stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
  stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG

  [ct1]
  hash_enable=0
  #netlink_socket_buffer_size=217088
  #netlink_socket_buffer_maxsize=1085440
  #netlink_resync_timeout=60 # seconds to wait to perform resynchronization
  #pollinterval=10 # use poll-based logging instead of event-driven
  # If pollinterval is not set, NFCT plugin will work in event mode
  # In this case, you can use the following filters on events:
  #accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
  #accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
  #accept_proto_filter=tcp,sctp # layer 4 proto of connections

Run ulogd manually to check that it works.\\

  # ulogd -v
  Wed Feb 26 05:21:35 2020 <7> ulogd.c:622 load_plugin: '/usr/lib/ulogd/ulogd_filter_IP2BIN.so': Error relocating /usr/lib/ulogd/ulogd_filter_IP2BIN.so: uint32_to_ipv6: symbol not found
  Wed Feb 26 05:21:35 2020 <5> ulogd.c:843 building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
  Wed Feb 26 05:21:35 2020 <5> ulogd_inpflow_NFCT.c:1399 NFCT plugin working in event mode

Is **uint32_to_ipv6: symbol not found** a bug?\\

==== Enabling and starting ulogd ====

  # service ulogd enable
  # service ulogd start

==== Enabling connection tracking flow accounting ====

  # echo '1' > /proc/sys/net/netfilter/nf_conntrack_acct
  # echo 'net.netfilter.nf_conntrack_acct=1' > /etc/sysctl.d/100-custom.conf

===== References =====

[[https://openwrt.org/docs/guide-user/firewall/netfilter_iptables/iptables_log_targets|OpenWrt Project: Logging Forwarded Packets in OpenWrt]]\\
[[https://balagetech.com/monitor-network-traffic-openwrt-syslog-ng/|Monitor home network traffic with OpenWRT and Syslog-ng]]\\
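
With the NFCT/PRINTFLOW/SYSLOG stack and nf_conntrack_acct configured as above, the flow records in syslog can be totalled per LAN host. The script below is an added example, not part of the original page: the PRINTFLOW line layout, the ''sample_log'' and ''flow_totals'' names, and all sample lines are assumptions constructed for illustration. Flows that arrive without byte counters are counted separately, so a router where accounting is not active stands out.

```shell
#!/bin/sh
# Added example (not from the original page). Assumed PRINTFLOW layout in syslog:
#   [DESTROY] ORIG: SRC=.. DST=.. .. PKTS=.. BYTES=.. , REPLY: SRC=.. .. PKTS=.. BYTES=..

# Constructed sample lines; addresses, ports and counters are made up.
sample_log() {
    cat <<'EOF'
Feb 26 06:01:02 TomoyanWRT-GL ulogd[8123]: [NEW] ORIG: SRC=192.168.8.101 DST=203.0.113.10 PROTO=TCP SPT=51514 DPT=443 , REPLY: SRC=203.0.113.10 DST=192.168.8.101 PROTO=TCP SPT=443 DPT=51514
Feb 26 06:01:40 TomoyanWRT-GL ulogd[8123]: [DESTROY] ORIG: SRC=192.168.8.101 DST=203.0.113.10 PROTO=TCP SPT=51514 DPT=443 PKTS=12 BYTES=1840 , REPLY: SRC=203.0.113.10 DST=192.168.8.101 PROTO=TCP SPT=443 DPT=51514 PKTS=10 BYTES=9200
Feb 26 06:02:05 TomoyanWRT-GL ulogd[8123]: [DESTROY] ORIG: SRC=192.168.8.101 DST=198.51.100.7 PROTO=UDP SPT=40211 DPT=53 PKTS=1 BYTES=74 , REPLY: SRC=198.51.100.7 DST=192.168.8.101 PROTO=UDP SPT=53 DPT=40211 PKTS=1 BYTES=138
Feb 26 06:02:30 TomoyanWRT-GL ulogd[8123]: [DESTROY] ORIG: SRC=192.168.8.150 DST=203.0.113.10 PROTO=TCP SPT=40022 DPT=80 , REPLY: SRC=203.0.113.10 DST=192.168.8.150 PROTO=TCP SPT=80 DPT=40022
Feb 26 06:03:11 TomoyanWRT-GL ulogd[8123]: [DESTROY] ORIG: SRC=192.168.8.150 DST=198.51.100.7 PROTO=TCP SPT=40023 DPT=443 PKTS=5 BYTES=500 , REPLY: SRC=198.51.100.7 DST=192.168.8.150 PROTO=TCP SPT=443 DPT=40023 PKTS=4 BYTES=300
EOF
}

# Print "host tx_bytes rx_bytes flows flows_without_counters" per originating host.
flow_totals() {
    awk '
    # Return the value of KEY=value in string s, or "" when the key is absent.
    function field(s, key,    n, i, tok) {
        n = split(s, tok, " ")
        for (i = 1; i <= n; i++)
            if (index(tok[i], key "=") == 1) return substr(tok[i], length(key) + 2)
        return ""
    }
    # Only DESTROY events are summed: they carry the final counters of a flow.
    /\[DESTROY\]/ && /ORIG:/ {
        split($0, half, "REPLY:")          # half[1] = original direction, half[2] = reply
        src = field(half[1], "SRC")
        if (src == "") next
        up = field(half[1], "BYTES"); down = field(half[2], "BYTES")
        flows[src]++
        if (up == "" || down == "") { noacct[src]++; next }   # no counters on this flow
        tx[src] += up; rx[src] += down
    }
    END {
        for (h in flows)
            printf "%s %.0f %.0f %d %d\n", h, tx[h], rx[h], flows[h], noacct[h]
    }' | sort
}

sample_log | flow_totals
```

On the router, feed it the real log instead of the sample, for example ''flow_totals < /var/log/messages''.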