syslog-ng inside LXC guest receives kernel messages from host
Hello!

It's the first time that I use syslog-ng (although the plan is old - due to the ability to use rabbitmq ...).

The host (which is a VM too - do not know exactly which type) has the normal rsyslog installed (was "shipped" with it and not directly of my interest - so I kept it).

What I am getting from the host are kernel messages generated from iptables logging - I know the log prefix. The guest has just now no iptables rules at all, but a running ulog2, which (no iptables rules at the moment) just runs, but has nothing to log and messages continue to arrive, after I've stopped it. I had a reboot in between, just to be sure, iptables has not something in its memory.

There is a bridge to the host and the outside. While the iptables rules were active, I blocked port 514, but this does not change anything. As told, the messages now continue, even iptables has no active rules. A tcpdump inside the lxc guest does not show packages on port 514. BTW, the messages are logged with the hostname of the guest.

syslog-ng uses the standards for its input (system, internal).

Probably someone could shed some light on it. It is nothing more worrying than messages from unknown source!

Thanks anyway and best regards, Manfred
Iptables by default submits kernel logs via printk() and I am not sure that is namespace aware, I am assuming that it's not. You are probably receiving these messages via the system source, which opens /proc/kmsg (or /dev/kmsg).

Here's a related article: https://github.com/lxc/lxd/issues/1397

For now the best course of action is to disable kernel logs in the guest and rely on the host to collect them.

On Jan 3, 2018 05:26, <webman@manfbraun.de> wrote:
Hello!
It's the first time that I use syslog-ng (although the plan is old - due to the ability to use rabbitmq ...).
The host (which is a VM too - do not know exactly which type) has the normal rsyslog installed (was "shipped" with it and not directly of my interest - so I kept it).
What I am getting from the host are kernel messages generated from iptables logging - I know the log prefix. The guest has just now no iptables rules at all, but a running ulog2, which (no iptables rules at the moment) just runs, but has nothing to log and messages continue to arrive, after I've stopped it. I had a reboot in between, just to be sure, iptables has not something in its memory.
There is a bridge to the host and the outside. While the iptables rules were active, I blocked port 514, but this does not change anything. As told, the messages now continue, even iptables has no active rules. A tcpdump inside the lxc guest does not show packages on port 514. BTW, the messages are logged with the hostname of the guest.
syslog-ng uses the standards for its input (system, internal).
Probably someone could shed some light on it. It is nothing more worrying than messages from unknown source!
Thanks anyway and best regards, Manfred
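An added example, not part of the original thread: a parser for the `/dev/kmsg` record format that counts kernel-facility netfilter LOG lines per log prefix, which is one way to confirm that the entries arrive through the kernel log and not over the network. A record carries no hostname or namespace field, so the collector that reads it stamps it with its own hostname. The function names and the sample records are constructed for illustration; `/proc/kmsg` uses a different line format and is not handled here.

```python
import re
from typing import NamedTuple, Optional

# Netfilter LOG output always carries IN=/OUT= interface fields; any text
# before "IN=" is the rule's --log-prefix.
NETFILTER = re.compile(r"^(?P<prefix>.*?)IN=(?P<in>\S*) OUT=(?P<out>\S*) ")

class KmsgRecord(NamedTuple):
    facility: int               # 0 = kern
    level: int                  # syslog severity, 0..7
    seq: int                    # ring buffer sequence number
    usec: int                   # microseconds since boot
    text: str
    log_prefix: Optional[str]   # set only for netfilter LOG lines

def parse_kmsg(line: str) -> Optional[KmsgRecord]:
    """Parse one /dev/kmsg record: 'prio,seq,usec,flags[,...];text'."""
    if line.startswith(" "):    # continuation line (KEY=value metadata)
        return None
    header, sep, text = line.rstrip("\n").partition(";")
    fields = header.split(",")
    if not sep or len(fields) < 4:
        return None
    try:
        prio, seq, usec = (int(f) for f in fields[:3])
    except ValueError:
        return None
    m = NETFILTER.match(text)
    prefix = m.group("prefix").strip() if m else None
    return KmsgRecord(prio >> 3, prio & 7, seq, usec, text, prefix)

def netfilter_prefixes(lines):
    """Count kernel-facility netfilter LOG records per log prefix."""
    counts = {}
    for rec in filter(None, map(parse_kmsg, lines)):
        if rec.facility == 0 and rec.log_prefix is not None:
            counts[rec.log_prefix] = counts.get(rec.log_prefix, 0) + 1
    return counts

# Constructed sample records (not taken from the thread).
SAMPLE = [
    "4,1201,8812345678,-;HOSTFW-DROP: IN=eth0 OUT= MAC=aa:bb SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=23",
    " SUBSYSTEM=net",
    "6,1202,8812350000,-;device veth1 entered promiscuous mode",
    "4,1203,8812360000,-;HOSTFW-DROP: IN=eth0 OUT= MAC=aa:bb SRC=192.0.2.11 DST=198.51.100.5 PROTO=UDP SPT=5353 DPT=5353",
    "30,7,120000,-;systemd[1]: userspace write to kmsg",
]

if __name__ == "__main__":
    print(netfilter_prefixes(SAMPLE))
```
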
Participants (2): Scheidler, Balázs; webman@manfbraun.de