om_udpspoof inside docker container
I have a question regarding running nxlog with the om_udpspoof module inside of a docker container. It appears that I should be able to do this, but in practice it does not work. I have tried the following:
- Using
--add-cap=net_raw
on the container - Using
--privileged
flag on the container - Using the
Capabilities "cap_net_raw=+ep"
in the NXLOG configuration
I keep getting the following error from the nxlog process inside the container.
nxlog_1 | 2021-01-19 19:14:02 ERROR [om_udpspoof|graylog] couldn't create raw socket;Operation not permitted
Has anyone been able to get the om_udpspoof module to work inside of a docker container?
Hi,
Have you tried to set the capability on the binary?
RUN setcap cap_net_raw+ep /opt/nxlog/bin/nxlog
Regards,
Konstantinos