[lxc-users] LXC and netfilter log

aeris aeris at imirhil.fr
Wed Aug 9 08:18:15 UTC 2017


> Logging from network namespaces other than init has been disabled since
> kernel 3.10 in order to prevent host kernel log flooding from inside
> a container.
> 
> If you have kernel >= 4.11 or one with commit 2851940ffee3 ("netfilter:
> allow logging from non-init namespaces") backported, you can enable
> netfilter logging from other network namespaces by
> 
>   echo 1 >/proc/sys/net/netfilter/nf_log_all_netns
> 
> (the command must be issued from init_net).
> 
> > I tried to install ulogd2 in my container too, with no more luck.
> 
> Logging via NFLOG target and ulogd2 should work even without the sysctl
> mentioned above, IIRC.

Hi,

Thanks for the reply.

I tried with a 4.11 kernel, and logs are OK.
I will retry with nflog+ulogd2 too; I surely missed a point during my setup test.

Regards,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
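
The conditions described in the quoted reply can be checked from the host before debugging LOG rules inside a container. The following is an added example, not part of the original messages and not code from the LXC or kernel projects; the function names and status strings are hypothetical, and it only reads the sysctl, it does not change it.

```shell
#!/bin/sh
# Added example: classify whether netfilter LOG output from non-init network
# namespaces can reach the kernel log, per the thresholds stated in the thread
# (restriction since 3.10, nf_log_all_netns sysctl since 4.11 or a backport).

# kver_ge RELEASE MAJOR MINOR -> succeeds if RELEASE >= MAJOR.MINOR
kver_ge() {
    rel=${1%%[!0-9.]*}      # "4.9.0-3-amd64" -> "4.9.0"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# netns_log_status RELEASE SYSCTL_PATH -> prints one status word
netns_log_status() {
    if [ -r "$2" ]; then
        # The sysctl exists: kernel >= 4.11, or an older kernel with the
        # commit backported. Its value decides.
        if [ "$(cat "$2")" = "1" ]; then
            echo enabled
        else
            echo disabled-toggle-available
        fi
    elif ! kver_ge "$1" 3 10; then
        # Kernel predates the restriction described in the thread.
        echo unrestricted
    elif kver_ge "$1" 4 11; then
        # Sysctl expected but not visible: the thread notes it must be
        # used from init_net, so this is probably being run in a container.
        echo sysctl-not-visible
    else
        # 3.10 <= kernel < 4.11 without the backport: no toggle exists;
        # the thread suggests the NFLOG target with ulogd2 instead.
        echo disabled-no-toggle
    fi
}

# Run with --check on the host (init_net) to inspect the live system.
if [ "${1:-}" = "--check" ]; then
    netns_log_status "$(uname -r)" /proc/sys/net/netfilter/nf_log_all_netns
fi
```

Testing for the sysctl file before comparing versions is what lets the check recognise distribution kernels older than 4.11 that carry the backport.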