# Ulogd

> logging daemon for netfilter and iptables

**Wikidata**: [Q115017639](https://www.wikidata.org/wiki/Q115017639)  
**Source**: https://4ort.xyz/entity/ulogd

## Summary
Ulogd is a userspace logging daemon designed specifically for the Netfilter framework and iptables firewall system on Linux. It serves as a utility to capture and log packet data, moving logging tasks from the kernel to userspace for greater flexibility and performance. The software is free and open-source, licensed under the GNU General Public License version 2.0.

## Key Facts
- **Entity Type:** Free software, Utility software.
- **Primary Function:** Logging daemon for Netfilter and iptables.
- **Creator:** Harald Welte (Copyright held from 2000 to 2003).
- **Current Maintainers:** Harald Welte and Pablo Neira Ayuso.
- **License:** GNU General Public License, version 2.0.
- **Latest Stable Version:** 2.0.9 (released May 15, 2025).
- **Operating Platform:** Linux kernel, Linux-libre.
- **Source Repository:** https://git.netfilter.org/ulogd/
- **Official Website:** https://netfilter.org/projects/ulogd/index.html
- **Package Names:** `ulogd` (Gentoo, Nixpkgs, Guix), `ulogd2` (Debian, Ubuntu).

## FAQs
### Q: What is the primary use of Ulogd?
A: Ulogd is used to log network traffic and firewall events generated by Netfilter and iptables. It runs in userspace, allowing logs to be processed and stored in various formats (such as SQL databases or JSON) without burdening the kernel.

### Q: Who created and maintains Ulogd?
A: The software was created by German Linux kernel hacker Harald Welte. It is currently maintained by Welte and Pablo Neira Ayuso.

### Q: What is the most recent version of Ulogd?
A: The most recent stable version is 2.0.9, which was released on May 15, 2025.

### Q: Under what license is Ulogd distributed?
A: Ulogd is distributed as free software under the GNU General Public License, version 2.0.

## Why It Matters
Ulogd plays a critical role in network administration and security monitoring within the Linux ecosystem. As the standard logging daemon for Netfilter and iptables, it bridges the gap between kernel-space packet filtering and user-space data analysis. Traditional logging via the kernel (such as using the LOG target) can be resource-intensive and limited in flexibility. Ulogd solves this by receiving packets from the Netfilter queue and processing them in userspace.

This architecture allows for high-performance logging and enables the direct insertion of log data into various backend storage systems like SQL databases (MySQL, PostgreSQL, SQLite), JSON files, or PCAP formats. This capability is vital for intrusion detection systems, traffic analysis, and compliance auditing, where raw packet data needs to be queryable. Its inclusion in major distribution repositories like Debian, Ubuntu, Gentoo, Nixpkgs, and Guix underscores its status as a standard tool for Linux network infrastructure.

## Notable For
- **Userspace Logging:** Distinct from kernel-side logging, it allows complex processing of firewall logs without impacting kernel performance.
- **Multi-Backend Support:** Supports diverse output plugins including MySQL, PostgreSQL, SQLite, DBI, JSON, and PCAP.
- **Netfilter Integration:** Natively designed to interface with the Netfilter architecture, the core packet filtering framework for Linux.
- **Free Software Heritage:** Licensed under GPL-2.0, ensuring it remains free for users to study, modify, and distribute.
- **Libre Compatibility:** Explicitly noted to run on Linux-libre, a version of the Linux kernel free of proprietary binary blobs.

## Body
### Development and History
Ulogd was developed to provide a flexible logging mechanism for the Netfilter project. The intellectual property rights were held by Harald Welte starting in the year 2000 and continuing through 2003. The project has seen continued development into the 2020s and beyond.

### Version History
The software has evolved through several major iterations.
- **Version 2.0.0:** Released on June 17, 2012, establishing the 2.x series.
- **Version 2.0.8:** Released on November 2, 2022.
- **Version 2.0.9:** The current preferred stable version, released on May 15, 2025.

### Technical Architecture
Ulogd operates as a daemon (background process) on Linux systems. It is designed to run on the standard Linux kernel as well as Linux-libre. The source code is managed in a git repository hosted at `git.netfilter.org`. Bug tracking is handled via Bugzilla at `bugzilla.netfilter.org`.

### Distribution and Packaging
Ulogd is widely available across major Linux distributions, often under different package names to reflect versioning or plugin structures:
- **Debian:** The source package transitioned from `ulogd` (2001–2013) to `ulogd2` (2013–present). Available binary packages include `ulogd2`, `ulogd2-dbi`, `ulogd2-json`, `ulogd2-mysql`, `ulogd2-pcap`, `ulogd2-pgsql`, and `ulogd2-sqlite3`.
- **Ubuntu:** Mirrors the Debian structure with packages for `ulogd2` and its various database and format extensions.
- **Gentoo:** Available as `app-admin/ulogd`.
- **Nixpkgs and Guix:** Both distributions identify the package by the variable name `ulogd`.

## References

1. [ulogd 2.0.0 release. 2012](https://marc.info/?l=netfilter&m=133993505913852&w=2)
2. [ulogd 2.0.8 release. 2022](https://marc.info/?l=netfilter-devel&m=166738414622385&w=2)
3. [ulogd 2.0.9 release. 2025](https://marc.info/?l=netfilter&m=174769288424144&w=2)
4. [Source](https://packages.debian.org/source/bullseye/ulogd2)
5. [Source](https://git.netfilter.org/ulogd/tree/ulogd.c)
6. [Source](https://guix.gnu.org/en/packages/ulogd-2.0.7/)