OpenVZ Forum


Home » Mailing lists » Users » iptables LOG
iptables LOG [message #45562] Mon, 19 March 2012 09:59 Go to next message
massimiliano.sciabica is currently offline  massimiliano.sciabica
Messages: 11
Registered: March 2012
Junior Member
From: *parallels.com
Hello,
I have loaded the necessary modules in CT0 (debian) and implemented a
set of iptables rules in CT150 (Centos5.7).
I added a LOG before the DROP rule in order to be informed of packet
being dropped: the rule is being matched, but I can't find any log in
/var/log/messages.

I'm not sure wether the TCP stack is in CT150 or in CT0 (I would say in
CT0, as it is kernel code), but I'm quite sure that iptables logs come
from kernel.
How can I get those logs directly in CT150?
I tried the ULOG target instead of LOG, but I'm hitting the same
problem. Would adding NET_ADMIN capability help?

Thanks
Re: iptables LOG [message #45566 is a reply to message #45562] Mon, 19 March 2012 21:01 Go to previous messageGo to next message
massimiliano.sciabica is currently offline  massimiliano.sciabica
Messages: 11
Registered: March 2012
Junior Member
From: *parallels.com
Well, the problem was the template out of which I created my VPS.
I don't know why, the line to start klogd in /etc/init.d/syslog was
commented out.
Started klogd, logs are happily showing in /var/log/messages
Re: iptables LOG [message #45567 is a reply to message #45562] Mon, 19 March 2012 21:08 Go to previous messageGo to next message
massimiliano.sciabica is currently offline  massimiliano.sciabica
Messages: 11
Registered: March 2012
Junior Member
From: *parallels.com
Well, the problem was the template out of which I created my VPS.
I don't know why, the line to start klogd in /etc/init.d/syslog was
commented out.
Started klogd, logs are happily showing in /var/log/messages
Re: iptables LOG [message #45571 is a reply to message #45567] Tue, 20 March 2012 11:14 Go to previous messageGo to next message
Aleksandar Ivanisevic is currently offline  Aleksandar Ivanisevic
Messages: 34
Registered: April 2011
Member
From: *parallels.com
Massimiliano
<massimiliano.sciabica@kiiama.com>
writes:

> Well, the problem was the template out of which I created my VPS.
> I don't know why, the line to start klogd in /etc/init.d/syslog was
> commented out.
> Started klogd, logs are happily showing in /var/log/messages

Interesting, I always thought no logging is a "feature" of openvz ;)

Now I see that klogd is also commented out in my template.

Anyone care to shed some light as to why is this done?
Re: Re: iptables LOG [message #45572 is a reply to message #45571] Tue, 20 March 2012 11:41 Go to previous messageGo to next message
massimiliano.sciabica is currently offline  massimiliano.sciabica
Messages: 11
Registered: March 2012
Junior Member
From: *parallels.com
Kernel logs are available for VPS since stable kernel release =>
2.6.32.
It looks like template creator took care to avoid launching a useless
process.
Just my opinion.

On Tue, 20 Mar 2012 12:14:40 +0100, Aleksandar Ivanisevic wrote:
> Massimiliano
> <massimiliano.sciabica@kiiama.com>
> writes:
>
>> Well, the problem was the template out of which I created my VPS.
>> I don't know why, the line to start klogd in /etc/init.d/syslog was
>> commented out.
>> Started klogd, logs are happily showing in /var/log/messages
>
> Interesting, I always thought no logging is a "feature" of openvz ;)
>
> Now I see that klogd is also commented out in my template.
>
> Anyone care to shed some light as to why is this done?
>
>
Re: Re: iptables LOG [message #45582 is a reply to message #45572] Tue, 20 March 2012 16:55 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

From: *parallels.com
20.03.2012 15:44 пользователь <massimiliano.sciabica@kiiama.com> написал:
>
> Kernel logs are available for VPS since stable kernel release => 2.6.32.
> It looks like template creator took care to avoid launching a useless
process.
> Just my opinion.

That's right.

If you will see klogd commented out in latest templates — please file a bug

>
>
> On Tue, 20 Mar 2012 12:14:40 +0100, Aleksandar Ivanisevic wrote:
>>
>> Massimiliano
>> <massimiliano.sciabica@kiiama.com>
>> writes:
>>
>>> Well, the problem was the template out of which I created my VPS.
>>> I don't know why, the line to start klogd in /etc/init.d/syslog was
>>> commented out.
>>> Started klogd, logs are happily showing in /var/log/messages
>>
>>
>> Interesting, I always thought no logging is a "feature" of openvz ;)
>>
>> Now I see that klogd is also commented out in my template.
>>
>> Anyone care to shed some light as to why is this done?
>>
>>


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png
Re: Re: iptables LOG [message #45586 is a reply to message #45582] Tue, 20 March 2012 20:45 Go to previous message
cyrolancer is currently offline  cyrolancer
Messages: 15
Registered: July 2011
Junior Member
From: *parallels.com
Hello,

The same happens in CentOS 5.8 CT0 and Debian 6.0 VZ. I have enabled
klogd in VZ and logging works in VE right now.

# uname -r
2.6.32-308.el5.028stab099.3

# ls /etc/rc* | grep klogd
K03sysklogd
K03sysklogd
S16sysklogd
S16sysklogd
S16sysklogd
S16sysklogd
K03sysklogd

# update-rc.d klogd defaults
update-rc.d: using dependency based boot sequencing

# ls /etc/rc* | grep klogd
K01klogd
K03sysklogd
K01klogd
K03sysklogd
S16sysklogd
S17klogd
S16sysklogd
S17klogd
S16sysklogd
S17klogd
S16sysklogd
S17klogd
K01klogd
K03sysklogd

Thanks,

Onur R. Bingol


On 20.03.2012 18:55, Kir Kolyshkin wrote:
>
>
> 20.03.2012 15:44 пользователь <massimiliano.sciabica@kiiama.com
> <mailto:massimiliano.sciabica@kiiama.com>> написал:
> >
> > Kernel logs are available for VPS since stable kernel release => 2.6.32.
> > It looks like template creator took care to avoid launching a
> useless process.
> > Just my opinion.
>
> That's right.
>
> If you will see klogd commented out in latest templates — please file
> a bug
>
> >
> >
> > On Tue, 20 Mar 2012 12:14:40 +0100, Aleksandar Ivanisevic wrote:
> >>
> >> Massimiliano
> >> <massimiliano.sciabica@kiiama.com
> <mailto:massimiliano.sciabica@kiiama.com>>
> >> writes:
> >>
> >>> Well, the problem was the template out of which I created my VPS.
> >>> I don't know why, the line to start klogd in /etc/init.d/syslog was
> >>> commented out.
> >>> Started klogd, logs are happily showing in /var/log/messages
> >>
> >>
> >> Interesting, I always thought no logging is a "feature" of openvz ;)
> >>
> >> Now I see that klogd is also commented out in my template.
> >>
> >> Anyone care to shed some light as to why is this done?
> >>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users@openvz.org <mailto:Users@openvz.org>
> >> https://openvz.org/mailman/listinfo/users
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users@openvz.org <mailto:Users@openvz.org>
> > https://openvz.org/mailman/listinfo/users
>
>
>
Previous Topic: CT freeze on chkpnt --suspend operation, need advice, nothing can't kill it
Next Topic: IO usage stat within containers
Goto Forum:
  


Current Time: Thu Dec 14 20:50:33 GMT 2017