labunix's blog

labunixのラボUnix

FreeBSD10.1-RC4のqjail環境のsyslogをホストのsyslogに転送する。

■FreeBSD10.1-RC4のqjail環境のsyslogをホストのsyslogに転送する。
 「*.debug」以上でないと動作しないようだが、無いよりはまし。

■ホスト側の設定

$ tail -3 /etc/rc.conf
ifconfig_lo0_alias0="inet 127.0.0.102 netmask 255.255.255.255"
syslogd_enable="YES"
syslogd_flags="-b 127.0.0.102"

$ sudo /etc/rc.d/netif restart

$ sudo /etc/rc.d/syslogd restart
Stopping syslogd.
Waiting for PIDS: 393.
Starting syslogd.

$ grep 127 /etc/hosts
127.0.0.1		localhost localhost.my.domain
127.0.0.1	localhost	localhost.localdomain

■jailの127.0.0.2アドレスを127.0.0.1に変更する。

$ sudo qjail stop qjail001
Jail successfully stopped  qjail001

$ sudo qjail config -4 "192.168.100.1,lo0|127.0.0.1" qjail001
Successful ip change qjail001

$ sudo qjail start qjail001
Jail successfully started  qjail001

$ sudo qjail list qjail001
 

STA JID  NIC IP              Jailname
--- ---- --- --------------- --------------------------------------------------
DR  2    em0 192.168.100.1   qjail001
             lo0|127.0.0.1
 

■jail側の設定

$  sudo qjail console qjail001
> sh
# grep ^Port /etc/ssh/sshd_config 
Port 9022

# /etc/rc.d/sshd restart
Performing sanity check on sshd configuration.
Stopping sshd.
Waiting for PIDS: 1306.
Performing sanity check on sshd configuration.
Starting sshd.

# grep syslog /etc/rc.conf
# Prevent syslog from opening sockets
syslogd_enable="YES"
syslogd_flags="-s"

# grep 127 /etc/syslog.conf
*.debug						@127.0.2.102

# /etc/rc.d/syslogd restart
Stopping syslogd.
Waiting for PIDS: 1905.
ln: /dev/log: Operation not permitted
Starting syslogd.

# logger -p daemon.debug -t "sampled" "this message time : `date`"
# logger -h 127.0.0.102 -p daemon.debug -t "sampled" "this message time : `date`"

■ホスト側でログを確認
 オプション無しはlocalhostとして、「127.0.0.102」はqjail001となる。

$ sudo tail -1 /var/log/debug.log 
Nov 23 10:31:29 localhost sampled: this message time : Sun Nov 23 10:31:29 JST 2014
Nov 23 10:32:41 qjail001 sampled: this message time : Sun Nov 23 10:32:41 JST 2014

■ホスト側

$ sockstat | grep -i 514
root     syslogd    2144  6  udp4   *:514                 *:*
root     syslogd    1686  6  udp4   127.0.0.102:514       *:*

■qjail側

# sockstat | grep -i 514
root     syslogd    2144  6  udp4   *:514                 *:*

■jail側の「/dev/log」をコメントアウト。

# grep -A 4 "#.*then" /etc/rc.d/syslogd
	#if [ ! -L /dev/log ]; then
	#	ln -sf /var/run/log /dev/log
	#fi
	#rm -f /var/run/log

# /etc/rc.d/syslogd restart
Stopping syslogd.
Waiting for PIDS: 964.
Starting syslogd.

# logger -p daemon.debug -t "sampled" "`date`"
# logger -h 127.0.0.102 -p daemon.debug -t "sampled" "`date`"

■ホスト側での受信の確認

$ sudo tail -2 /var/log/debug.log /usr/jails/qjail001/var/log/debug.log 
==> /var/log/debug.log <==
Nov 23 11:19:48 localhost sampled: Sun Nov 23 11:19:48 JST 2014
Nov 23 11:21:34 qjail001 sampled: Sun Nov 23 11:21:34 JST 2014

==> /usr/jails/qjail001/var/log/debug.log <==
Nov 22 22:55:16 qjail001 newsyslog[36120]: logfile first created