I have a question regarding running nxlog with the om_udpspoof module inside of a docker container. It appears that I should be able to do this, but in practice it does not work. I have tried the following:
- --add-cap=net_raw on the container
- --privileged flag on the container
- Using the Capabilities "cap_net_raw=+ep" in the NXLOG configuration
I keep getting the following error from the nxlog process inside the container.
nxlog_1 | 2021-01-19 19:14:02 ERROR [om_udpspoof|graylog] couldn't create raw socket;Operation not permitted
Has anyone been able to get the om_udpspoof module to work inside of a docker container?