[lxc-users] LXC and netfilter log
aeris
aeris at imirhil.fr
Fri Aug 4 19:10:55 UTC 2017
Hi there!
I have trouble with LXC and netfilter logging.
Configuring traffic logging works like a charm on a bare-metal machine and ends up in
/var/log/syslog as expected, but logs nothing when inside an LXC container, both
with iptables and nftables.
iptables rules
*filter
:INPUT DROP [0:0]
-A INPUT -j LOG --log-prefix INPUT
nftables rules
table inet filter {
    chain input {
        type filter hook input priority 0
        policy drop
        log prefix "input " counter
    }
}
On host:
# sysctl net.netfilter.nf_log | grep -v NONE
net.netfilter.nf_log.10 = nf_log_ipv6
net.netfilter.nf_log.2 = nf_log_ipv4
On guest:
# sysctl net.netfilter.nf_log | grep -v NONE
net.netfilter.nf_log.10 = nf_log_ipv6
net.netfilter.nf_log.2 = nf_log_ipv4
net.netfilter.nf_log.7 = nfnetlink_log
I tried to install ulogd2 in my container too, with no more luck.
Has anybody here been able to do traffic logging inside a container?
Regards,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/
Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/