[lxc-users] LXC and netfilter log

Michal Kubecek mkubecek at suse.cz
Sat Aug 5 00:13:51 UTC 2017


On Fri, Aug 04, 2017 at 09:02:44PM +0200, aeris wrote:
> Hi here !
> 
> I have trouble with LXC and netfilter logging.
> 
> Configuring traffic log works like a charm on a baremetal machine and finishes in
> /var/log/syslog as expected, but logs nothing when inside an LXC container, both
> with iptables and nftables

Logging from network namespaces other than init has been disabled since
kernel 3.10 in order to prevent host kernel log flooding from inside
a container.

If you have kernel >= 4.11 or one with commit 2851940ffee3 ("netfilter:
allow logging from non-init namespaces") backported, you can enable
netfilter logging from other network namespaces by

  echo 1 >/proc/sys/net/netfilter/nf_log_all_netns

(the command must be issued from init_net).

> I tried to install ulogd2 in my container too, no more luck.

Logging via NFLOG target and ulogd2 should work even without the sysctl
mentioned above, IIRC.

                                                         Michal Kubecek
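A host-side helper for the check and the sysctl described above, added here as an example (it is not part of Michal's reply or of any LXC tooling); the kernel-version parsing, the function names and the sysctl.d file name are this example's own assumptions.

```shell
#!/bin/sh
# Added example: verify that this kernel can log netfilter hits from
# non-init network namespaces and enable it from the host (init_net).
set -e

NF_LOG_ALL_NETNS=/proc/sys/net/netfilter/nf_log_all_netns

# Print "major minor" for a version such as 4.4.0-generic or 5.10;
# everything after the first non-numeric character is ignored.
major_minor() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    case $v in
        *.*) printf '%s %s\n' "${v%%.*}" "$(printf '%s' "${v#*.}" | cut -d. -f1)" ;;
        *)   printf '%s 0\n' "$v" ;;
    esac
}

# kver_ge RUNNING REQUIRED: succeeds when RUNNING >= REQUIRED (major.minor).
kver_ge() {
    set -- $(major_minor "$1") $(major_minor "$2")
    [ "$1" -gt "$3" ] && return 0
    [ "$1" -lt "$3" ] && return 1
    [ "$2" -ge "$4" ]
}

# Succeeds when the sysctl exists, i.e. the kernel is >= 4.11 or carries
# the backport of commit 2851940ffee3. Optional argument overrides the path.
can_log_all_netns() {
    [ -e "${1:-$NF_LOG_ALL_NETNS}" ]
}

# Must be run as root on the host, not inside the container.
enable_log_all_netns() {
    kver_ge "$(uname -r)" 4.11 ||
        echo "kernel $(uname -r) is older than 4.11; a backport is required" >&2
    can_log_all_netns || { echo "$NF_LOG_ALL_NETNS missing; cannot enable" >&2; return 1; }
    echo 1 > "$NF_LOG_ALL_NETNS"
    # Persist across reboots; the file name is this example's choice.
    printf 'net.netfilter.nf_log_all_netns = 1\n' > /etc/sysctl.d/90-nf-log-all-netns.conf
}

# Nothing is changed unless explicitly asked: ./script.sh enable
case "${1:-}" in
    enable) enable_log_all_netns ;;
esac
```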