om_udpspoof inside docker container

Tags:

#1 rp25818

I have a question regarding running nxlog with the om_udpspoof module inside of a docker container. It appears that I should be able to do this, but in practice it does not work. I have tried the following:

  1. Using --add-cap=net_raw on the container
  2. Using --privileged flag on the container
  3. Using the Capabilities "cap_net_raw=+ep" in the NXLOG configuration

I keep getting the following error from the nxlog process inside the container.

nxlog_1 | 2021-01-19 19:14:02 ERROR [om_udpspoof|graylog] couldn't create raw socket;Operation not permitted

Has anyone been able to get the om_udpspoof module to work inside of a docker container?

#2 konstantinosDeactivated Nxlog ✓
#1 rp25818
I have a question regarding running nxlog with the om_udpspoof module inside of a docker container. It appears that I should be able to do this, but in practice it does not work. I have tried the following: Using --add-cap=net_raw on the container Using --privileged flag on the container Using the Capabilities "cap_net_raw=+ep" in the NXLOG configuration I keep getting the following error from the nxlog process inside the container. nxlog_1 | 2021-01-19 19:14:02 ERROR [om_udpspoof|graylog] couldn't create raw socket;Operation not permitted Has anyone been able to get the om_udpspoof module to work inside of a docker container?

Hi,

Have you tried to set the capability on the binary? RUN setcap cap_net_raw+ep /opt/nxlog/bin/nxlog

Regards,

Konstantinos