diff mbox series

[bug#54457,9/9] gnu: Add ulogd

Message ID 51481207-31b7-58bc-00de-f0633a3a1059@gmail.com
State Accepted
Headers show
Series None | expand

Commit Message

fesoj000 March 21, 2022, 9:20 p.m. UTC 
* gnu/packages/linux.scm (ulogd): New variable.
---
  gnu/packages/linux.scm | 45 ++++++++++++++++++++++++++++++++++++++++++
  1 file changed, 45 insertions(+)

Comments

M March 23, 2022, 7:41 p.m. UTC | #1 
fesoj000 schreef op ma 21-03-2022 om 22:20 [+0100]:
> +@item
> +SQL database back-end support: SQLite3, MySQL and PostgreSQL
Does this work out-of-the-box, or do extra inputs need to be added for
this?
M March 23, 2022, 7:42 p.m. UTC | #2 
fesoj000 schreef op ma 21-03-2022 om 22:20 [+0100]:
> +   (supported-systems (filter target-linux? %supported-systems))

Conventionally, supported-systems appears at the bottom of the package
definition.
M March 23, 2022, 7:46 p.m. UTC | #3 
fesoj000 schreef op ma 21-03-2022 om 22:20 [+0100]:
> +          (lambda* (#:key outputs #:allow-other-keys)
> +            (let ((out-etc (string-append (assoc-ref outputs "out") "/etc"))

FWIW, you can simplify this to

  (lambda _
    (let ((out-etc (string-append #$output "/etc")))
      [...])),

eliminating the output label in favour of G-exps -- see e.g. 'hostapd'.
IMO this is a bit tidier, but not everyone seems to agree.

Greetings,
Maxime.
fesoj000 March 23, 2022, 9:28 p.m. UTC | #4 
On 3/23/22 8:41 PM, Maxime Devos wrote:
> fesoj000 schreef op ma 21-03-2022 om 22:20 [+0100]:
>> +@item
>> +SQL database back-end support: SQLite3, MySQL and PostgreSQL
> Does this work out-of-the-box, or do extra inputs need to be added for
> this?
Good point, this is the upstream description of the daemon. I personally
only use syslog output currently. And yes, to add support for those
database back-ends, we need to add them as inputs. Although i would prefer
to not "blow up" the package. Postgresql and especially mysql a rather "big
boys". On a router this might be a little much. This could be fixed, by
providing a separate "lib" output for those.

For me personally, i plan to continue using syslog output. Further i plan
to use pcap and josn output for certain things, but so far i did not have
time to play with that.

So, what i would do is, add sqlite, libpcap and jansson as inputs. This
enables sqlite, pcap and json output support in ulogd.

If postgresql and mysql is something somebody needs, i would propose to
introduce a new package variant which adds those inputs.

Is this something we could do?
fesoj000 March 26, 2022, 12:31 p.m. UTC | #5 
On 3/23/22 10:28 PM, fesoj000 wrote:
> On 3/23/22 8:41 PM, Maxime Devos wrote:
>> fesoj000 schreef op ma 21-03-2022 om 22:20 [+0100]:
>>> +@item
>>> +SQL database back-end support: SQLite3, MySQL and PostgreSQL
>> Does this work out-of-the-box, or do extra inputs need to be added for
>> this?
> Good point, this is the upstream description of the daemon. I personally
> only use syslog output currently. And yes, to add support for those
> database back-ends, we need to add them as inputs. Although i would prefer
> to not "blow up" the package. Postgresql and especially mysql a rather "big
> boys". On a router this might be a little much. This could be fixed, by
> providing a separate "lib" output for those.
> 
> For me personally, i plan to continue using syslog output. Further i plan
> to use pcap and josn output for certain things, but so far i did not have
> time to play with that.
> 
> So, what i would do is, add sqlite, libpcap and jansson as inputs. This
> enables sqlite, pcap and json output support in ulogd.
> 
> If postgresql and mysql is something somebody needs, i would propose to
> introduce a new package variant which adds those inputs.
> 
> Is this something we could do?
Below one can find three definitions, the first is ulogd with sqlite, libpcap
and jansson inputs. Following that is ulogd+postgresql and ulogd+mysql with the
additional inputs they need.

After the package definitions the output of guix size follows for every
definition. ulogd has a size of 85.0 MiB, ulogd+postgresql has a size of 140.4
MiB, ulogd+mysql has a size of 702.9 MiB.

According to this data, i would consider postgresql as input for ulogd. But
mysql increases the size way too much for me. I need to move images around the
network or upload them to some cloud. Maybe mariadb could be used as a mysql
replacement, are they still compatible? But mariadb is also large 370 MiB ...

I will wait a day or two, if i do not hear any other opinion on that i will send
a new patchset where ulogd gets postgresql as input, but mysql not.

(define-public ulogd
   (package
    (name "ulogd")
    (version "2.0.7")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://netfilter.org/projects/" name "/files/" name
                          "-" version ".tar.bz2"))
      (sha256
       (base32
        "0ax9959c4bapq78n13bbaibcf1gwjir3ngx8l2dh45lw9m4ha2lr"))))
    (build-system gnu-build-system)
    (supported-systems (filter target-linux? %supported-systems))
    (native-inputs (list pkg-config))
    (inputs (list libnfnetlink libmnl libnetfilter-log libnetfilter-conntrack
                  libnetfilter-acct sqlite libpcap jansson))
    (arguments
     (list #:phases
           #~(modify-phases %standard-phases
               (add-after 'install 'install-doc
                 (lambda _
                   (let ((out-etc (string-append #$output "/etc"))
                         (ulogd.conf "ulogd.conf"))
                     (mkdir-p out-etc)
                     (copy-file ulogd.conf (string-append out-etc "/" ulogd.conf))))))))
    (synopsis "Userspace logging daemon for netfilter/iptables.")
    (description "ulogd is a userspace logging daemon for netfilter/iptables
related logging. This includes per-packet logging of security violations,
per-packet logging for accounting, per-flow logging and flexible user-defined
accounting.
@enumerate
@item
Packet and flow-based traffic accounting
@item
Flexible user-defined traffic accounting via nfacct infrastructure
@item
SQL database back-end support: SQLite3
@item
Text-based output formats: CSV, XML, Netfilter's LOG, Netfilter's conntrack
@end enumerate
")
    (home-page "https://netfilter.org/projects/nfacct/index.html")
    (license license:gpl2)))

(define-public ulogd+postgresql
   (package
     (inherit ulogd)
     (name (string-append (package-name ulogd) "+postgresql"))
     (inputs (modify-inputs (package-inputs ulogd)
               (append postgresql)))
     (arguments
      (substitute-keyword-arguments (package-arguments ulogd)
        ((#:configure-flags configure-flags ''())
         `(append ,configure-flags
                  (list (string-append "--with-pgsql="
                                       (assoc-ref %build-inputs "postgresql")))))))))

(define-public ulogd+postgresql
   (package
     (inherit ulogd)
     (name (string-append (package-name ulogd) "+postgresql"))
     (inputs (modify-inputs (package-inputs ulogd)
               (append postgresql)))
     (arguments
      (substitute-keyword-arguments (package-arguments ulogd)
        ((#:configure-flags configure-flags ''())
         `(append ,configure-flags
                  (list (string-append "--with-pgsql="
                                       (assoc-ref %build-inputs "postgresql")))))))))

(define-public ulogd+mysql
   (package
     (inherit ulogd)
     (name (string-append (package-name ulogd) "+mysql"))
     (inputs (modify-inputs (package-inputs ulogd)
               (append mysql zlib openssl)))
     (arguments
      (substitute-keyword-arguments (package-arguments ulogd)
        ((#:configure-flags configure-flags ''())
         `(append ,configure-flags
                  (list (string-append "--with-mysql="
                                       (assoc-ref %build-inputs "mysql")))))))))

$ ./pre-inst-env guix size ulogd
store item                                                       total    self
/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33              38.3    36.6  43.1%
/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib          71.7    33.4  39.3%
/gnu/store/9rrnm5hdjw7cy96a2a9rfgh6y08wsbmf-ncurses-6.2.20210619    77.6     5.9   7.0%
/gnu/store/xmzx5mzv4863yw9kmr2ykndgp37p8if0-sqlite-3.36.0           82.3     3.2   3.8%
/gnu/store/720rj90bch716isd8z7lcwrnvz28ap4y-bash-static-5.1.8        1.7     1.7   2.0%
/gnu/store/wcwls45278gzpjvwlvrrs1y7h30g44xh-readline-8.1.1          79.0     1.4   1.7%
/gnu/store/4y5m9lb8k3qkb1y9m02sw9w9a6hacd16-bash-minimal-5.1.8      39.3     1.0   1.2%
/gnu/store/c8mld9g531an1r002ksbidp224l9xgff-libpcap-1.10.1          73.3     0.7   0.8%
/gnu/store/sww4g1nq9bi3hn8xqdf9x507kn3vql9v-ulogd-2.0.7             85.0     0.5   0.6%
/gnu/store/l7i9mq16vy8cp05zl0a3r5awyfsps27b-libnetfilter-conntrack-1.0.8    72.0     0.2   0.2%
/gnu/store/nprljhh7a86351vg6h23va3kfdnkwnd4-jansson-2.13.1          71.7     0.1   0.1%
/gnu/store/mfnzmv8i64s53m0g0cn2fx2sav48ssfc-libnetfilter-log-1.0.2    71.9     0.1   0.1%
/gnu/store/cpsfihchx5spv7c6y5fch0zlkvkwvlnq-libnfnetlink-1.0.1      71.7     0.1   0.1%
/gnu/store/dj7kw3mqasw0rxdbm1gkajgsznhw8b4h-libmnl-1.0.4            71.7     0.1   0.1%
/gnu/store/iny0cn6qbj0xxczqk4hfmjacyfal44w8-libnetfilter-acct-1.0.3    71.8     0.0   0.1%
total: 85.0 MiB

$ ./pre-inst-env guix size ulogd+postgresql
store item                                                       total    self
/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33              38.3    36.6  26.1%
/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib          71.7    33.4  23.8%
/gnu/store/q6qp3521gay7izpz8p68d21zsdmz6nnm-postgresql-13.4        135.5    24.3  17.3%
/gnu/store/d251rfgc9nm2clzffzhgiipdvfvzkvwi-coreutils-8.32          88.0    16.4  11.6%
/gnu/store/5583c2za2jsn9g6az79rnksgvigwnsk7-util-linux-2.37.2-lib    80.7     9.0   6.4%
/gnu/store/9rrnm5hdjw7cy96a2a9rfgh6y08wsbmf-ncurses-6.2.20210619    77.6     5.9   4.2%
/gnu/store/plr00nij45964cyy7sfcg5rcsi8hks0h-openssl-1.1.1l          77.2     5.5   3.9%
/gnu/store/xmzx5mzv4863yw9kmr2ykndgp37p8if0-sqlite-3.36.0           82.3     3.2   2.3%
/gnu/store/720rj90bch716isd8z7lcwrnvz28ap4y-bash-static-5.1.8        1.7     1.7   1.2%
/gnu/store/wcwls45278gzpjvwlvrrs1y7h30g44xh-readline-8.1.1          79.0     1.4   1.0%
/gnu/store/4y5m9lb8k3qkb1y9m02sw9w9a6hacd16-bash-minimal-5.1.8      39.3     1.0   0.7%
/gnu/store/c8mld9g531an1r002ksbidp224l9xgff-libpcap-1.10.1          73.3     0.7   0.5%
/gnu/store/snh4hdpg7k75s4gjcd2s77lkxrxx2m0m-ulogd+postgresql-2.0.7   140.4     0.6   0.4%
/gnu/store/8qv5kb2fgm4c3bf70zcg9l6hkf3qzpw9-zlib-1.2.11             71.9     0.2   0.2%
/gnu/store/l7i9mq16vy8cp05zl0a3r5awyfsps27b-libnetfilter-conntrack-1.0.8    72.0     0.2   0.1%
/gnu/store/nprljhh7a86351vg6h23va3kfdnkwnd4-jansson-2.13.1          71.7     0.1   0.1%
/gnu/store/mfnzmv8i64s53m0g0cn2fx2sav48ssfc-libnetfilter-log-1.0.2    71.9     0.1   0.0%
/gnu/store/cpsfihchx5spv7c6y5fch0zlkvkwvlnq-libnfnetlink-1.0.1      71.7     0.1   0.0%
/gnu/store/dj7kw3mqasw0rxdbm1gkajgsznhw8b4h-libmnl-1.0.4            71.7     0.1   0.0%
/gnu/store/iny0cn6qbj0xxczqk4hfmjacyfal44w8-libnetfilter-acct-1.0.3    71.8     0.0   0.0%
total: 140.4 MiB

$ ./pre-inst-env guix size ulogd+mysql
store item                                                       total    self
/gnu/store/a1qdzqnqqxshdzv9andf4v9kr8dspyil-mysql-5.7.33           697.9   204.3  29.1%
/gnu/store/069aq2v993kpc41yabp5b6vm4wb9jkhg-gcc-10.3.0             217.7   145.8  20.7%
/gnu/store/vdlmzq6h0x5lxhr0nkr315dh2fbhm8d8-boost-1.59.0           219.7   108.5  15.4%
/gnu/store/hy6abswwv4d89zp464fw52z65fkzr7h5-perl-5.34.0            147.7    58.6   8.3%
/gnu/store/hzic3ddl5yvnyw7gm4a0qc5icgqy2442-icu4c-69.1             110.7    38.0   5.4%
/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33              38.3    36.6   5.2%
/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib          71.7    33.4   4.7%
/gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32          91.6    16.4   2.3%
/gnu/store/vqdsrvs9jbn0ix2a58s99jwkh74124y5-coreutils-minimal-8.32    88.0    16.4   2.3%
/gnu/store/d99ykvj3axzzidygsmdmzxah4lvxd6hw-bash-5.1.8              85.3     6.2   0.9%
/gnu/store/9rrnm5hdjw7cy96a2a9rfgh6y08wsbmf-ncurses-6.2.20210619    77.6     5.9   0.8%
/gnu/store/plr00nij45964cyy7sfcg5rcsi8hks0h-openssl-1.1.1l          77.2     5.5   0.8%
/gnu/store/dalhky8hh7ib25m63j0c3sh6iqqf2p36-mit-krb5-1.19.2         82.2     3.9   0.6%
/gnu/store/55q02v1a3qz8n7rlhy3jva9qjkfwj8y0-gawk-5.1.0              88.6     3.3   0.5%
/gnu/store/xmzx5mzv4863yw9kmr2ykndgp37p8if0-sqlite-3.36.0           82.3     3.2   0.5%
/gnu/store/fwbiihd2sbhai63y1pvvdh0f2bakfzrf-gmp-6.2.1               74.4     2.7   0.4%
/gnu/store/720rj90bch716isd8z7lcwrnvz28ap4y-bash-static-5.1.8        1.7     1.7   0.2%
/gnu/store/di5bqb45hi5lvp2q08hlxqjdcl9phjb1-pcre-8.45               73.4     1.7   0.2%
/gnu/store/m2wmfwk2m4390dwbnjm6ps5y4c9pchi5-procps-3.3.16           79.1     1.5   0.2%
/gnu/store/wcwls45278gzpjvwlvrrs1y7h30g44xh-readline-8.1.1          79.0     1.4   0.2%
/gnu/store/2b3blhwbag1ial0dhxw7wh4zjxl0cqpk-pkg-config-0.29.2       72.8     1.1   0.2%
/gnu/store/4y5m9lb8k3qkb1y9m02sw9w9a6hacd16-bash-minimal-5.1.8      39.3     1.0   0.1%
/gnu/store/hrgqa7m498wfavq4awai3xz86ifkjxdr-grep-3.6                75.2     0.8   0.1%
/gnu/store/zhd6blbfz40xp62i4d1rcgbyrpkynbkc-sed-4.8                 72.5     0.8   0.1%
/gnu/store/c8mld9g531an1r002ksbidp224l9xgff-libpcap-1.10.1          73.3     0.7   0.1%
/gnu/store/dxvpcggxj40bbb2pp3ddicapy4gzzzqk-ulogd+mysql-2.0.7      702.9     0.6   0.1%
/gnu/store/nvqxvcx05jgixpnshxp9nypacwc2mri2-libtirpc-1.3.1          82.7     0.5   0.1%
/gnu/store/s3hl12jxz9ybs7nsy7kq7ybzz7qnzmsg-bzip2-1.0.8             73.1     0.4   0.1%
/gnu/store/a38k2v29l6l0iz6pmlk4dmzwdbvl10lq-acl-2.3.1               72.3     0.3   0.0%
/gnu/store/a7ggx0af69gv4k5mr1k617p4vy9kgx2v-libcap-2.62             72.0     0.3   0.0%
/gnu/store/jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5.1              71.9     0.2   0.0%
/gnu/store/8qv5kb2fgm4c3bf70zcg9l6hkf3qzpw9-zlib-1.2.11             71.9     0.2   0.0%
/gnu/store/mrd2bamw39851jpr4m2q8gimg8s48gzh-zlib-1.2.11             38.5     0.2   0.0%
/gnu/store/l7i9mq16vy8cp05zl0a3r5awyfsps27b-libnetfilter-conntrack-1.0.8    72.0     0.2   0.0%
/gnu/store/nprljhh7a86351vg6h23va3kfdnkwnd4-jansson-2.13.1          71.7     0.1   0.0%
/gnu/store/mfnzmv8i64s53m0g0cn2fx2sav48ssfc-libnetfilter-log-1.0.2    71.9     0.1   0.0%
/gnu/store/m4dgk1q4zvzw6lnccr7fd941w0sisb5b-libaio-0.3.112          71.7     0.1   0.0%
/gnu/store/cpsfihchx5spv7c6y5fch0zlkvkwvlnq-libnfnetlink-1.0.1      71.7     0.1   0.0%
/gnu/store/dj7kw3mqasw0rxdbm1gkajgsznhw8b4h-libmnl-1.0.4            71.7     0.1   0.0%
/gnu/store/4r6f3a6n82nv48c7nznhhcl19k7pl0ig-libsigsegv-2.13         71.7     0.1   0.0%
/gnu/store/iny0cn6qbj0xxczqk4hfmjacyfal44w8-libnetfilter-acct-1.0.3    71.8     0.0   0.0%
total: 702.9 MiB

BR
M March 26, 2022, 6:30 p.m. UTC | #6 
fesoj000 schreef op za 26-03-2022 om 13:31 [+0100]:
> After the package definitions the output of guix size follows for every
> definition. ulogd has a size of 85.0 MiB, ulogd+postgresql has a size of 140.4
> MiB, ulogd+mysql has a size of 702.9 MiB.
> 
> According to this data, i would consider postgresql as input for ulogd. But
> mysql increases the size way too much for me. I need to move images around the
> network or upload them to some cloud. Maybe mariadb could be used as a mysql
> replacement, are they still compatible? But mariadb is also large 370 MiB ...

It looks like ulogd2 has a kind of plugin architecture (see
https://git.netfilter.org/ulogd2/tree/output/Makefile.am), so perhaps
the plugins can be put in separate outputs (or separate packages,
whatever's the most convenient)?  That should eliminate the closure
size concerns.

It might be be necessary to introduce some kind of ULOGD_PLUGIN_PATH
though such that it will actually find the libraries it tries to
dlopen, without having to explicitely pass the full
/gnu/store/.../lib/....so.

Greetings,
Maxime.
diff mbox series

Patch

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 3124e57ef0..94d7cd92dd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7488,6 +7488,51 @@  (define-public libnetfilter-log
     (home-page "https://netfilter.org/projects/libnetfilter_log/index.html")
     (license license:gpl2+)))
  
+(define-public ulogd
+  (package
+   (name "ulogd")
+   (version "2.0.7")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "0ax9959c4bapq78n13bbaibcf1gwjir3ngx8l2dh45lw9m4ha2lr"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list pkg-config libnfnetlink libmnl libnetfilter-log
+                 libnetfilter-conntrack libnetfilter-acct))
+   (arguments
+    `(#:phases
+      (modify-phases %standard-phases
+        (add-after 'install 'install-doc
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out-etc (string-append (assoc-ref outputs "out") "/etc"))
+                  (ulogd.conf "ulogd.conf"))
+              (mkdir-p out-etc)
+              (copy-file ulogd.conf (string-append out-etc "/" ulogd.conf))))))))
+   (synopsis "Userspace logging daemon for netfilter/iptables.")
+   (description "ulogd is a userspace logging daemon for netfilter/iptables
+related logging. This includes per-packet logging of security violations,
+per-packet logging for accounting, per-flow logging and flexible user-defined
+accounting.
+@enumerate
+@item
+Packet and flow-based traffic accounting
+@item
+Flexible user-defined traffic accounting via nfacct infrastructure
+@item
+SQL database back-end support: SQLite3, MySQL and PostgreSQL
+@item
+Text-based output formats: CSV, XML, Netfilter's LOG, Netfilter's conntrack
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/nfacct/index.html")
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")