LXC syslog to host

Hi,

I’ve been using LXC for a few years. When I started using it, I always configured the host’s rsyslog so that it created a /dev/log socket in /var/lib/lxc/NAME/rootfs.dev/ and read from it. That way I could catch all messages from all containers.

In the newest systems there is no rootfs.dev - is there any way to build a solution similar to the above?

The host and “guests” systems are Debian, with systemd.

I managed to configure systemd so that it reads /dev/log inside the container and sends it to rsyslog over TCP… but not all messages arrived, e.g. when I restart a service (e.g. ssh), it doesn’t show up in the host log.

Do you have any ideas? How do you do your logging?

Regards,

a.


This is an LXC question, so I am not very familiar with it.
With LXD you can create socket devices and you have quite a few options.

Having said that, I think it would be more portable if you get rsyslog on the host to listen to TCP on its IP address of the lxcbr0 interface (like 10.10.10.1). Then configure each container to send syslog events to the IP address 10.10.10.1.

Here is the part in /etc/rsyslog.conf on the host to enable the reception of events,

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

Hi @simos,

that’s what I did - here is the rsyslog entry I mentioned in my first post:

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514" address="172.10.40.1")

where the 172.10.40.1 is the address of lxcbr0.

But what do you think: how can I configure the containers to send their syslog to the host?

For now I installed the “traditional” syslogd and configured *.* to @host-system.

But my real question is: is there any other solution? I mean, should I bypass syslogd and configure systemd-syslog so that it sends the messages to the remote host?

Thanks,

a.

So, what I could do:

  • configured rsyslog on the host so that it accepts logs over TCP/514 on the lxcbr0 IP

  • created a systemd service, then enabled and started it (inside the LXC container):

    # cat /etc/systemd/system/jnlcat.service
    [Unit]
    Description=Journalctl remote
    # journald must be up before we can follow the journal
    After=systemd-journald.service
    Requires=systemd-journald.service

    [Service]
    # straight quotes are required here; curly quotes would be passed to sh literally
    ExecStart=/bin/sh -c "journalctl -f | nc 172.10.40.1 514"
    TimeoutStartSec=0
    # if nc loses the TCP connection the pipeline exits and systemd restarts it
    Restart=on-failure
    RestartSec=5s

    [Install]
    WantedBy=multi-user.target

That’s it, now I get all service messages in the host syslog (e.g. ssh restart, mysql restart), and if I send a message from the console (e.g. “logger foobar”), that is logged as well.

Note that the solution relies on the netcat utility.
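The pipe above ships raw journalctl text with no syslog header, so the host’s rsyslog cannot tell which container, program or severity a line came from. As an added example (not code from this thread or from any of its posters), here is a Python sender that can stand in for `nc` in the unit above: it reads `journalctl -f -o json` from stdin, gives each entry an RFC 5424 header built from the journal fields, and frames it with octet counting so multi-line messages stay intact. The collector address 172.10.40.1:514 is the one from the thread; the script name and the journal JSON input format are assumptions not stated in the posts.

```python
"""Forward journald entries to the host's rsyslog as framed RFC 5424 over TCP.

Added example, not code from the thread. Replaces `journalctl -f | nc 172.10.40.1 514`
with a sender that gives every journal entry a real syslog header, so the host's
rsyslog records the container's hostname, program, PID and severity instead of
storing raw journalctl text under its own defaults.

Assumptions (not stated in the thread): the container reads its journal with
`journalctl -f -o json`, and the collector is the host's imtcp listener on
172.10.40.1:514 from the thread (adjust COLLECTOR for your bridge address).
"""
import json
import socket
import sys
from datetime import datetime, timezone
from typing import Iterable, Iterator

COLLECTOR = ("172.10.40.1", 514)  # host rsyslog imtcp on lxcbr0 (address from the thread)


def pri(facility: int, severity: int) -> int:
    """RFC 5424 PRI value: facility * 8 + severity (facility 0-23, severity 0-7)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError(f"bad facility/severity: {facility}/{severity}")
    return facility * 8 + severity


def _field(entry: dict, *names: str, default: str = "-") -> str:
    """First present journal field, falling back to the RFC 5424 NILVALUE '-'."""
    for name in names:
        value = entry.get(name)
        if value not in (None, ""):
            return str(value)
    return default


def journal_to_rfc5424(entry: dict) -> str:
    """Map one `journalctl -o json` object to an RFC 5424 message (unframed)."""
    severity = int(entry.get("PRIORITY", 6))          # journald PRIORITY is the syslog severity
    facility = int(entry.get("SYSLOG_FACILITY", 1))   # default facility: user
    usec = int(entry.get("__REALTIME_TIMESTAMP", 0))  # microseconds since the epoch
    ts = datetime.fromtimestamp(usec // 1_000_000, tz=timezone.utc)
    ts = ts.replace(microsecond=usec % 1_000_000)     # keep full precision, no float rounding
    timestamp = ts.isoformat(timespec="microseconds").replace("+00:00", "Z")
    message = entry.get("MESSAGE", "")
    if isinstance(message, list):                     # journald emits non-UTF-8 payloads as byte arrays
        message = bytes(message).decode("utf-8", "replace")
    # Fold embedded newlines/NULs so one journal entry stays one syslog message.
    message = str(message).replace("\r", " ").replace("\n", " ").replace("\0", "")
    header = " ".join([
        f"<{pri(facility, severity)}>1",
        timestamp,
        _field(entry, "_HOSTNAME"),
        _field(entry, "SYSLOG_IDENTIFIER", "_COMM"),
        _field(entry, "_PID", "SYSLOG_PID"),
        "-",  # MSGID
        "-",  # STRUCTURED-DATA
    ])
    return f"{header} {message}"


def octet_frame(message: str) -> bytes:
    """RFC 6587 octet-counting framing ("<len> <msg>"), which rsyslog's imtcp accepts.
    Unlike newline framing it survives messages that contain line breaks."""
    body = message.encode("utf-8")
    return f"{len(body)} ".encode("ascii") + body


def frames_from_journal(lines: Iterable[str]) -> Iterator[bytes]:
    """Turn `journalctl -o json` lines into TCP frames, skipping malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        yield octet_frame(journal_to_rfc5424(entry))


def forward(lines: Iterable[str], address=COLLECTOR) -> int:
    """Stream frames to the collector; returns the number of messages sent.
    A broken connection raises, so a systemd unit with Restart=on-failure restarts us."""
    sent = 0
    with socket.create_connection(address, timeout=10) as sock:
        for frame in frames_from_journal(lines):
            sock.sendall(frame)
            sent += 1
    return sent


# Constructed sample entry in the shape `journalctl -o json` prints (values are made up).
SAMPLE_ENTRY = {
    "__REALTIME_TIMESTAMP": "1000000000000000",
    "_HOSTNAME": "ct1",
    "SYSLOG_IDENTIFIER": "sshd",
    "_PID": "123",
    "PRIORITY": "6",
    "SYSLOG_FACILITY": "4",
    "MESSAGE": "Server listening on 0.0.0.0 port 22.",
}

if __name__ == "__main__":
    # Inside the container:  journalctl -f -o json | python3 journal2syslog.py
    if sys.stdin.isatty():
        print(journal_to_rfc5424(SAMPLE_ENTRY))
    else:
        forward(sys.stdin)
```

In the unit above this replaces the `ExecStart` pipeline with `journalctl -f -o json | python3 journal2syslog.py`; because the sender raises when the TCP connection drops, `Restart=on-failure` keeps working as before. The host’s imtcp input still needs to stay bound to the lxcbr0 address only, as in the earlier post, so that nothing outside the bridge can inject log lines.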

For my container, which is running under Proxmox VE / Debian 9 with qemu/kvm, I found out that /proc/kmsg can be read by the user nobody.

Put the string

"$PrivDropToUser nobody"

directly under the RULES section, then it works.

Hmm…

sorry, but I don’t understand this.

You can read the guest system’s syslog from the host system through the guest’s /dev/kmesg? And is your container’s root FS mounted, and do you have access to its /proc?

That’s my problem: I can’t access the root FS of the LXC container, nor its /proc.