I'm guessing the problem is simply no userspace access to kern.log in an unprivileged container?
Anyway, problem solved by installing ulog and targeting the NFLOG stack in iptables.

    lxc exec www /bin/bash
    apt-get update
    apt-get install ulogd2

In /etc/iptables.up.rules:

    ......
    # Log dropped
    -A INPUT -m limit --limit 5/second -j NFLOG --nflog-prefix "DROPPED "
    # DROP
    -A INPUT -j DROP
    COMMIT
    ......

Logs are stored in /var/log/ulog/syslogemu.log

No other configuration was required on my part. Passing along in case someone else needs it later.
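An added example, not part of the original post: a small Python summarizer for the dropped-packet lines that end up in /var/log/ulog/syslogemu.log, keyed on the "DROPPED " prefix set in the NFLOG rule. The key=value line layout and all sample lines are assumptions constructed for illustration (documentation addresses, made-up MAC), and the function names are hypothetical.

```python
import re
from collections import Counter

PREFIX = "DROPPED"  # must match --nflog-prefix in the iptables rule
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; bare flags (SYN, DF) are skipped

# Constructed sample lines in the assumed syslog-emulation layout.
SAMPLE = [
    "Mar  3 10:15:01 www DROPPED IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 "
    "SRC=203.0.113.7 DST=10.0.3.15 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4211 DF "
    "PROTO=TCP SPT=51514 DPT=23 SEQ=1 ACK=0 WINDOW=29200 SYN URGP=0",
    "Mar  3 10:15:02 www DROPPED IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 "
    "SRC=203.0.113.7 DST=10.0.3.15 LEN=60 TOS=00 PREC=0x00 TTL=52 ID=4212 DF "
    "PROTO=TCP SPT=51516 DPT=23 SEQ=1 ACK=0 WINDOW=29200 SYN URGP=0",
    "Mar  3 10:15:04 www DROPPED IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 "
    "SRC=198.51.100.9 DST=10.0.3.15 LEN=72 TOS=00 PREC=0x00 TTL=60 ID=9 "
    "PROTO=UDP SPT=40000 DPT=161 LEN=52",
    "Mar  3 10:15:07 www DROPPED IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 "
    "SRC=192.0.2.44 DST=10.0.3.15 LEN=84 TOS=00 PREC=0x00 TTL=55 ID=77 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
    "Mar  3 10:15:09 www OTHER IN=eth0 OUT= SRC=192.0.2.1 DST=10.0.3.15 PROTO=TCP DPT=80",
    "Mar  3 10:15:10 www DROPPED truncated line without fields",
]

def parse_line(line, prefix=PREFIX):
    """Return the key=value fields of one dropped-packet line, or None."""
    _, sep, rest = line.partition(" " + prefix + " ")
    if not sep:
        return None  # a line logged under a different prefix
    fields = dict(FIELD.findall(rest))
    # Reject truncated or malformed lines instead of counting them.
    return fields if "SRC" in fields and "PROTO" in fields else None

def summarize(lines):
    """Count drops per (source address, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields:
            # ICMP has no ports, so DPT is absent; record "-" instead.
            counts[(fields["SRC"], fields["PROTO"], fields.get("DPT", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (src, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {src:15s} {proto}/{dpt}")
```

To run it against the real log, pass an open file object to summarize() in place of SAMPLE. Because the rule is limited to 5/second, the counts are a lower bound during bursts.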