Re: [Lxc-users] note on using rsyslog in a container

2011-11-07 Thread Papp Tamas
On 11/07/2011 06:44 PM, Ulli Horlacher wrote:
 On Tue 2011-01-11 (02:54), Mike wrote:

 I noticed netfilter messages getting trashed in the various
 /var/log/messages on a system with two containers, netfilter rules on
 the host, and each container and the host running rsyslog.  On closer
 inspection, I realized that only every other character or so of the
 message was appearing in a given log file.
 Today I fall into the same pit, thanks to the list archive I found your
 workaround:

 Disabling kernel logging in the containers, by commenting out $ModLoad
 imklog in /etc/rsyslog.conf, straightened out the log files.
 Now only the host gets the netfilter (iptables) log messages.
 Not quite what I want...
 Will this issue be fixed in the future?

Also ULOG target can be used as an alternative.

tamas


--
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users


Re: [Lxc-users] note on using rsyslog in a container

2011-01-11 Thread Trent W. Buck
Mike deb...@good-with-numbers.com writes:

 This has sort of been mentioned earlier on this list.

 I noticed netfilter messages getting trashed in the various 
 /var/log/messages on a system with two containers, netfilter rules on 
 the host, and each container and the host running rsyslog.  On closer 
 inspection, I realized that only every other character or so of the 
 message was appearing in a given log file.  Disabling kernel logging in 
 the containers, by commenting out $ModLoad imklog in 
 /etc/rsyslog.conf, straightened out the log files.

Huh.  I disabled that because (containers') rsyslog reported it couldn't
read from the kernel log.  Maybe you've accidentally left containers
with read-access to arbitrary devices?

# These are: null zero random urandom tty* tty console
# ptmx pts/* rtc0
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.cgroup.devices.allow = c 1:5 rw
lxc.cgroup.devices.allow = c 1:8 rw
lxc.cgroup.devices.allow = c 1:9 rw
lxc.cgroup.devices.allow = c 4:* rw
lxc.cgroup.devices.allow = c 5:0 rw
lxc.cgroup.devices.allow = c 5:1 rw
lxc.cgroup.devices.allow = c 5:2 rw
lxc.cgroup.devices.allow = c 136:* rw
lxc.cgroup.devices.allow = c 254:0 r

And in the container, I configure rsyslog thusly:

cat /etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst EOF
case \$reason in
  BOUND|RENEW|REBIND|REBOOT) :;;
  *) return;;
esac
exec /dev/console 21 /dev/null
rm -f /etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst #
delete self

# [...]

perl -p0 -i -e 's:(.|\\\n)*/dev/xconsole\$::' /etc/rsyslog.d/50-default.conf
sed -i '/ModLoad imklog\|KLogPath/ s/^/#/' /etc/rsyslog.conf
etckeeper commit Suppress noise in logs.
sed -i '/RSYSLOG_TraditionalFileFormat/ s/^/#/' /etc/rsyslog.conf
cat /etc/rsyslog.d/20-to-logserv.conf -EOT
# Enable RFC 3339 (ns granularity) timestamps in CC'd logs.
\\\$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat
# CC all logs to logserv.
*.* @logserv
EOT
etckeeper commit Enable RFC 3339 timestamps in logs.
restart rsyslog

# [...]
EOF


--
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users