On Fri, Aug 04, 2017 at 09:02:44PM +0200, aeris wrote:
> Hi here!
>
> I have trouble with LXC and netfilter logging.
>
> Configuring traffic log works like a charm on a baremetal machine and finishes in
> /var/log/syslog as expected, but logs nothing when inside an LXC container, both
> with iptables and nftables.

Logging from network namespaces other than init has been disabled since kernel 3.10
in order to prevent host kernel log flooding from inside a container. If you have
kernel >= 4.11 or one with commit 2851940ffee3 ("netfilter: allow logging from
non-init namespaces") backported, you can enable netfilter logging from other
network namespaces by

  echo 1 >/proc/sys/net/netfilter/nf_log_all_netns

(the command must be issued from init_net).

> I tried to install ulogd2 on my container too, no more luck.

Logging via NFLOG target and ulogd2 should work even without the sysctl mentioned
above, IIRC.

Michal Kubecek
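The checks described in the reply above, as an added example that is not part of the original thread: a small POSIX sh script a host administrator can run from init_net to decide whether the kernel should have the nf_log_all_netns sysctl at all (major.minor >= 4.11, ignoring backports), enable it if the /proc file is present, and otherwise fall back to the NFLOG/ulogd2 route. The function names, the sample release strings and the ICMP rule are assumptions made for the example; the sysctl path and the commit id are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example (not from the netfilter list thread). Run as root in the
# host's initial network namespace (init_net), e.g.:
#   . ./nf_log_netns.sh && check_container_logging "$(uname -r)"

# kernel_has_nf_log_all_netns RELEASE
# Returns 0 when major.minor of a uname -r style string is >= 4.11, the
# first mainline release that carries commit 2851940ffee3. Distribution
# kernels may backport it, so a 1 here only means "check the /proc file".
kernel_has_nf_log_all_netns() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}      # drop suffixes such as "-rc1"
    if [ "$major" -gt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -ge 11 ]; then return 0; fi
    return 1
}

# enable_nf_log_all_netns
# Turns on LOG-target output from non-init network namespaces. Must be run
# from init_net (the sysctl is only registered there). Returns 1 if the
# kernel does not expose the knob.
enable_nf_log_all_netns() {
    f=/proc/sys/net/netfilter/nf_log_all_netns
    if [ ! -e "$f" ]; then
        echo "$f missing: kernel lacks commit 2851940ffee3" >&2
        return 1
    fi
    echo 1 > "$f" || return 1
    if [ "$(cat "$f")" = "1" ]; then return 0; fi
    return 1
}

# check_container_logging RELEASE
# Ties the two checks together and prints which rule to use inside the
# container. The ICMP rule is an assumed example rule, not from the thread.
check_container_logging() {
    if kernel_has_nf_log_all_netns "$1" && enable_nf_log_all_netns; then
        echo "LOG target now reaches the host kernel log; in the container use:"
        echo "  iptables -A INPUT -p icmp -j LOG --log-prefix 'ctr-icmp: '"
        return 0
    fi
    echo "LOG target is silenced for this namespace; use NFLOG + ulogd2 instead:"
    echo "  iptables -A INPUT -p icmp -j NFLOG --nflog-group 1"
    return 1
}
```

Note that enabling the sysctl re-opens exactly the flood vector the kernel default closes: any process that can add rules inside a container can then fill the host's kernel log, so on shared hosts the NFLOG/ulogd2 path (which keeps the log sink inside the container) is usually the better choice.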