Re: [Lxc-users] note on using rsyslog in a container
On 11/07/2011 06:44 PM, Ulli Horlacher wrote: > On Tue 2011-01-11 (02:54), Mike wrote: > >> I noticed netfilter messages getting trashed in the various >> /var/log/messages on a system with two containers, netfilter rules on >> the host, and each container and the host running rsyslog. On closer >> inspection, I realized that only every other character or so of the >> message was appearing in a given log file. > Today I fall into the same pit, thanks to the list archive I found your > workaround: > >> Disabling kernel logging in the containers, by commenting out "$ModLoad >> imklog" in /etc/rsyslog.conf, straightened out the log files. > Now only the host gets the netfilter (iptables) log messages. > Not quite what I want... > Will this issue be fixed in the future? Also ULOG target can be used as an alternative. tamas -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] note on using rsyslog in a container
On Tue 2011-01-11 (02:54), Mike wrote: > I noticed netfilter messages getting trashed in the various > /var/log/messages on a system with two containers, netfilter rules on > the host, and each container and the host running rsyslog. On closer > inspection, I realized that only every other character or so of the > message was appearing in a given log file. Today I fall into the same pit, thanks to the list archive I found your workaround: > Disabling kernel logging in the containers, by commenting out "$ModLoad > imklog" in /etc/rsyslog.conf, straightened out the log files. Now only the host gets the netfilter (iptables) log messages. Not quite what I want... Will this issue be fixed in the future? -- Ullrich Horlacher Server- und Arbeitsplatzsysteme Rechenzentrum E-Mail: horlac...@rus.uni-stuttgart.de Universitaet Stuttgart Tel:++49-711-685-65868 Allmandring 30 Fax:++49-711-682357 70550 Stuttgart (Germany) WWW:http://www.rus.uni-stuttgart.de/ -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] note on using rsyslog in a container
Mike writes: > This has sort of been mentioned earlier on this list. > > I noticed netfilter messages getting trashed in the various > /var/log/messages on a system with two containers, netfilter rules on > the host, and each container and the host running rsyslog. On closer > inspection, I realized that only every other character or so of the > message was appearing in a given log file. Disabling kernel logging in > the containers, by commenting out "$ModLoad imklog" in > /etc/rsyslog.conf, straightened out the log files. Huh. I disabled that because (containers') rsyslog reported it couldn't read from the kernel log. Maybe you've accidentally left containers with read-access to arbitrary devices? # These are: null zero random urandom tty* tty console # ptmx pts/* rtc0 lxc.cgroup.devices.deny = a lxc.cgroup.devices.allow = c 1:3 rw lxc.cgroup.devices.allow = c 1:5 rw lxc.cgroup.devices.allow = c 1:8 rw lxc.cgroup.devices.allow = c 1:9 rw lxc.cgroup.devices.allow = c 4:* rw lxc.cgroup.devices.allow = c 5:0 rw lxc.cgroup.devices.allow = c 5:1 rw lxc.cgroup.devices.allow = c 5:2 rw lxc.cgroup.devices.allow = c 136:* rw lxc.cgroup.devices.allow = c 254:0 r And in the container, I configure rsyslog thusly: cat >/etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst &1 /etc/rsyslog.d/20-to-logserv.conf <<-EOT # Enable RFC 3339 (ns granularity) timestamps in CC'd logs. \\\$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat # CC all logs to logserv. *.* @logserv EOT etckeeper commit "Enable RFC 3339 timestamps in logs." restart rsyslog # [...] EOF -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users