Does remote LXD "lxc clients only" leave a trace in the server config or log?

Hi, I am currently doing some security digging on an LXD server.

I need to determine all lxc clients that have been authorised to connect to an LXD server.

Your help is appreciated

lxc config trust list might be what you're looking for.


Yes, it does the job 🙂 Thanks.

But, I am still not able to find any connection attempts in the log of the server.

I have tried tcptrack -i br1 port 8443; it does the job if I am in front of the console 🙁 I could use tcpdump in a screen session, but if I use LXDMosaic, for example, you would see a lot of traffic, and I would have to filter a lot of information… I also tried ufw.

To get a log of all requests, you’ll need to enable debug mode, either by passing --debug to the daemon or by using snap set lxd daemon.debug=true && systemctl reload snap.lxd.daemon.

Alternatively you can always see those entries live by using lxc monitor --type=logging --pretty


Thanks for the fast answer 🙂

Information from lxc monitor is more complete than the debug mode.

It would be nice to have lxc monitor running as a daemon for security monitoring.

lxc monitor is also special in that for clusters it will show you info and higher messages for all nodes, not just your local one.

Our Go API makes receiving those events pretty simple and even in another language, connecting to /1.0/events using websocket is reasonably easy, so if you have specific auditing needs, writing a piece of code which subscribes to just what you want should work well.

Also note the special event type lifecycle which lets you easily log all instance operations.

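One way to turn the event stream discussed in this thread into a persistent audit log, as an added example that is not from any of the posters or from the LXD project: a filter that reads JSON events on stdin, keeps lifecycle events and warning-or-higher log messages, and writes one JSON audit record per line. The event field names (type, timestamp, location, metadata.action, metadata.source, metadata.requestor, metadata.level) and the level spellings are assumptions about the event format, the requestor block may be absent on older releases, and the sample events are constructed.

```python
import json
import sys

# Levels worth keeping. Spellings vary between LXD releases, so several
# are accepted here (assumption, adjust to what your server emits).
ALERT_LEVELS = {"warn", "warning", "eror", "error", "crit", "fatal"}

# Constructed sample events (not real server output).
SAMPLE = [
    '{"type":"lifecycle","timestamp":"2024-01-01T10:00:00Z","location":"node1",'
    '"metadata":{"action":"instance-started","source":"/1.0/instances/c1",'
    '"requestor":{"username":"constructed-fp","protocol":"tls","address":"192.0.2.10:51234"}}}',
    '{"type":"logging","timestamp":"2024-01-01T10:00:01Z",'
    '"metadata":{"level":"dbug","message":"constructed debug line","context":{}}}',
    '{"type":"logging","timestamp":"2024-01-01T10:00:02Z",'
    '"metadata":{"level":"warn","message":"constructed warning","context":{"ip":"192.0.2.99"}}}',
    "",
    "not json",
]


def audit_record(raw):
    """Map one JSON event line to a flat audit dict, or None to skip it."""
    raw = raw.strip()
    if not raw:
        return None  # blank separator between events
    try:
        ev = json.loads(raw)
        md = ev.get("metadata")
    except (ValueError, AttributeError):
        return {"kind": "unparsed", "raw": raw[:200]}  # keep the evidence
    md = md if isinstance(md, dict) else {}
    base = {"ts": ev.get("timestamp"), "location": ev.get("location")}
    if ev.get("type") == "lifecycle":
        who = md.get("requestor") or {}
        return {**base, "kind": "lifecycle", "action": md.get("action"),
                "source": md.get("source"), "user": who.get("username"),
                "protocol": who.get("protocol"), "address": who.get("address")}
    if ev.get("type") == "logging" and md.get("level") in ALERT_LEVELS:
        return {**base, "kind": "log", "level": md["level"],
                "message": md.get("message"), "context": md.get("context") or {}}
    return None  # debug/info noise and other event types


if __name__ == "__main__":
    # Reads the live stream on stdin; writes one JSON audit record per line.
    for line in sys.stdin:
        record = audit_record(line)
        if record is not None:
            print(json.dumps(record, sort_keys=True), flush=True)
```

Saved under a hypothetical name such as lxd_audit.py, it can be fed with lxc monitor --format=json piped into python3 lxd_audit.py and run under a service manager, with stdout appended to a log file. Emitting records through json.dumps keeps attacker-influenced strings (messages, usernames) from breaking the one-record-per-line format.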