Iptables by default submit kernel logs via printk() and I am not sure that is namespace aware, I am assuming that its not.

You are probably receiving these messages via the system source, which opens /proc/kmsg (or /dev/kmsg).

Heres a related article:

https://github.com/lxc/lxd/issues/1397

For now the best course of action is to disable kernel logs in the guest and rely on the host to collect them.

On Jan 3, 2018 05:26, <webman@manfbraun.de> wrote:

Hello!

It's the first time, that I use syslog-ng (although the
plan ist old - due to the ability to use rabbitmq ...).

The host (which is a VM too - do not know exactly which type)
has the normal rsyslog installed (was "shipped" with it
and not directly of my interest - so I kept it).

What I am getting from the host are kernel messages
generated from iptables logging - I know the log prefix.
The guest has just now no iptables rules at all, but
a running ulog2, which (no iptables rules at the
moment) just runs, but has nothing to log and messages
continue to arrive, after I've stopped it. I had
a reboot in between, just to be sure, iptables has
not something in its memory.

There is a bridge to the host and the outside. While
the iptables rules were active, I blocked port 514,
but this does not change anything. As told, the messages
now continue, even iptables has no active rules.
A tcpdump inside the lxc guest does not show packages
on port 514. BTW, the messages are logged with the
hostname of the guest.

syslog-ng uses the standards for it input (system, internal).

Probably someone could shed some light on it. It is
nothing more worrying, then messages from unknown
source!

Thanks anyway and best regards,
Manfred

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq