How can I see the kernel logs?

I run Ubuntu 16.04.

In the Linux kernel there are certain log statements for conditions on packet filtering, and I'd like to see if they are actually triggered.

One example is:

    /* Smaller that minimal TCP header? */
    th = skb_header_pointer(skb, dataoff, sizeof(_tcph), &_tcph);
    if (th == NULL) {
        if (LOG_INVALID(net, IPPROTO_TCP))
            nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL,
                          "nf_ct_tcp: short packet ");
        return -NF_ACCEPT;
    }

https://github.com/torvalds/linux/blob/master/net/netfilter/nf_conntrack_proto_tcp.c
Line 760

How can I set up my Linux system so I can see the nf_log_packet() output somewhere? Perhaps in /var/log/syslog or some other destination.

Where does it get logged? How do I activate logging?










Tags: kernel, linux-kernel, logs, netfilter

asked Aug 19 '17 at 1:20 by grandnasty




















1 Answer














So, the following steps worked:

Install Ulog, which interfaces with some plugins to capture the kernel logging output:

    # on Ubuntu the ulogd daemon is packaged as ulogd2
    sudo apt install ulogd2

Then activate the state INVALID logging by:

    # the redirection has to run as root too, so wrap it in a root shell
    sudo sh -c 'echo 255 > /proc/sys/net/netfilter/nf_conntrack_log_invalid'

More documentation on the 255 here:
https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt

Set Ulog capture level to debug in:
/etc/ulog.conf

Then the log, if you trigger it, will be stored in:
/var/log/ulog/syslogemu.log






answered Aug 19 '17 at 1:39 by grandnasty
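To check what the conntrack invalid-packet logging described in the answer actually recorded, the log can be summarised per reason and source address. This is an added example, not part of the original answer; the sample lines, the hostname fw and the function names are constructed for illustration, and the sysctl value meanings follow the kernel's nf_conntrack-sysctl.txt.

```shell
#!/bin/sh
# Added example, not from the original post.

# Meaning of an nf_conntrack_log_invalid value, per nf_conntrack-sysctl.txt.
describe_log_invalid() {
    case "$1" in
        0)   echo "disabled" ;;
        1)   echo "ICMP only" ;;
        6)   echo "TCP only" ;;
        17)  echo "UDP only" ;;
        255) echo "any protocol" ;;
        *)   echo "other (see nf_conntrack-sysctl.txt)" ;;
    esac
}

# Print "count<TAB>reason<TAB>source" for each conntrack invalid-packet entry.
summarise_invalid() {
    awk '
        match($0, /nf_ct_[a-z0-9]+: /) {
            rest = substr($0, RSTART)
            cut = index(rest, " IN=")      # packet fields start at IN=
            reason = (cut > 0) ? substr(rest, 1, cut - 1) : rest
            sub(/ +$/, "", reason)
            src = "-"
            if (match(rest, /SRC=[^ ]+/))
                src = substr(rest, RSTART + 4, RLENGTH - 4)
            n[reason "\t" src]++
        }
        END { for (k in n) printf "%d\t%s\n", n[k], k }
    ' "$1" | sort -k1,1nr
}

# Constructed sample lines in the LOG-style layout (hostname "fw" is made up).
write_sample_log() {
    cat > "$1" <<'EOF'
Aug 19 01:30:01 fw nf_ct_tcp: short packet IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=28 PROTO=TCP
Aug 19 01:30:02 fw nf_ct_tcp: bad TCP checksum IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=40 PROTO=TCP
Aug 19 01:30:03 fw nf_ct_tcp: short packet IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=28 PROTO=TCP
Aug 19 01:30:04 fw something unrelated to conntrack
EOF
}

# With no argument, run on the constructed sample; otherwise on the given log.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log "$log"
fi
summarise_invalid "$log"
```

Pass the path of the real log as the first argument to summarise it instead of the sample; setting the sysctl to 6 rather than 255 limits logging to TCP.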


























