[syslog-ng] syslog-ng inside LXC guest receives kernel messages from host

webman at manfbraun.de webman at manfbraun.de
Wed Jan 3 04:25:33 UTC 2018


Hello!

It's the first time, that I use syslog-ng (although the
plan ist old - due to the ability to use rabbitmq ...).

The host (which is a VM too - do not know exactly which type)
has the normal rsyslog installed (was "shipped" with it
and not directly of my interest - so I kept it).

What I am getting from the host are kernel messages
generated from iptables logging - I know the log prefix.
The guest has just now no iptables rules at all, but
a running ulog2, which (no iptables rules at the
moment) just runs, but has nothing to log and messages
continue to arrive, after I've stopped it. I had
a reboot in between, just to be sure, iptables has
not something in its memory.

There is a bridge to the host and the outside. While
the iptables rules were active, I blocked port 514,
but this does not change anything. As told, the messages
now continue, even iptables has no active rules.
A tcpdump inside the lxc guest does not show packages
on port 514. BTW, the messages are logged with the
hostname of the guest.

syslog-ng uses the standards for it input (system, internal).

Probably someone could shed some light on it. It is
nothing more worrying, then messages from unknown
source!

Thanks anyway and best regards,
Manfred






More information about the syslog-ng mailing list