[Lxc-users] note on using rsyslog in a container
Trent W. Buck
twb at cybersource.com.au
Wed Jan 12 00:49:51 UTC 2011

Mike <debian at good-with-numbers.com> writes:
> This has sort of been mentioned earlier on this list.
>
> I noticed netfilter messages getting trashed in the various
> /var/log/messages on a system with two containers, netfilter rules on
> the host, and each container and the host running rsyslog. On closer
> inspection, I realized that only every other character or so of the
> message was appearing in a given log file. Disabling kernel logging in
> the containers, by commenting out "$ModLoad imklog" in
> /etc/rsyslog.conf, straightened out the log files.

Huh. I disabled that because (containers') rsyslog reported it couldn't
read from the kernel log. Maybe you've accidentally left containers
with read-access to arbitrary devices?

# These are: null zero random urandom tty* tty console
# ptmx pts/* rtc0
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.cgroup.devices.allow = c 1:5 rw
lxc.cgroup.devices.allow = c 1:8 rw
lxc.cgroup.devices.allow = c 1:9 rw
lxc.cgroup.devices.allow = c 4:* rw
lxc.cgroup.devices.allow = c 5:0 rw
lxc.cgroup.devices.allow = c 5:1 rw
lxc.cgroup.devices.allow = c 5:2 rw
lxc.cgroup.devices.allow = c 136:* rw
lxc.cgroup.devices.allow = c 254:0 r

And in the container, I configure rsyslog thusly:

cat >/etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst <<EOF
case \$reason in
BOUND|RENEW|REBIND|REBOOT) :;;
*) return;;
esac
exec >/dev/console 2>&1 </dev/null
rm -f /etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst # delete self
# [...]
perl -p0 -i -e 's:(.|\\\n)*/dev/xconsole\$::' /etc/rsyslog.d/50-default.conf
sed -i '/ModLoad imklog\|KLogPath/ s/^/#/' /etc/rsyslog.conf
etckeeper commit "Suppress noise in logs."
sed -i '/RSYSLOG_TraditionalFileFormat/ s/^/#/' /etc/rsyslog.conf
cat >/etc/rsyslog.d/20-to-logserv.conf <<-EOT
# Enable RFC 3339 (ns granularity) timestamps in CC'd logs.
\\\$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat
# CC all logs to logserv.
*.* @logserv
EOT
etckeeper commit "Enable RFC 3339 timestamps in logs."
restart rsyslog
# [...]
EOF
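
One way to check whether a container config leaves arbitrary devices readable, as the reply above asks (an added example, not code from the original message). `parse_rules` and `is_allowed` are hypothetical helper names, and the last-match-wins evaluation is a simplified model of the cgroup v1 device whitelist.

```python
import re

# Sample input: the whitelist from the message above.
SAMPLE_CONFIG = """\
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.cgroup.devices.allow = c 1:5 rw
lxc.cgroup.devices.allow = c 1:8 rw
lxc.cgroup.devices.allow = c 1:9 rw
lxc.cgroup.devices.allow = c 4:* rw
lxc.cgroup.devices.allow = c 5:0 rw
lxc.cgroup.devices.allow = c 5:1 rw
lxc.cgroup.devices.allow = c 5:2 rw
lxc.cgroup.devices.allow = c 136:* rw
lxc.cgroup.devices.allow = c 254:0 r
"""

RULE = re.compile(r"lxc\.cgroup\.devices\.(allow|deny)\s*=\s*"
                  r"([abc])(?:\s+(\*|\d+):(\*|\d+)\s+([rwm]+))?\s*$")

def parse_rules(text):
    """Return [(allow, type, major, minor, perms)] in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, unrelated keys
        verdict, typ, major, minor, perms = m.groups()
        if typ == "a":  # "a" covers every device and every access
            major, minor, perms = "*", "*", "rwm"
        elif perms is None:
            raise ValueError("missing major:minor and access in: " + line)
        rules.append((verdict == "allow", typ, major, minor, perms))
    return rules

def is_allowed(rules, typ, major, minor, access):
    """Simplified model: rules apply in order, last match per access bit wins."""
    for bit in access:
        ok = True  # assumption: with no matching rule the cgroup is unrestricted
        for allow, rtyp, rmaj, rmin, perms in rules:
            if (rtyp in ("a", typ) and rmaj in ("*", str(major))
                    and rmin in ("*", str(minor)) and bit in perms):
                ok = allow
        if not ok:
            return False
    return True
```

With this whitelist, `is_allowed(parse_rules(SAMPLE_CONFIG), "c", 1, 11, "r")` is false (1:11 is /dev/kmsg in the standard Linux device numbering), while an empty rule list allows every device.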