Date: Wed, 22 May 2013 17:10:01 GMT
Message-Id: <201305221710.r4MHA1a9041666@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Joe
Subject: Re: kern/178482: [ipfw] logging problem from vnet jail

The following reply was made to PR kern/178482; it has been noted by GNATS.

From: Joe
To: Ian Smith
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/178482: [ipfw] logging problem from vnet jail
Date: Wed, 22 May 2013 13:04:29 -0400

Ian Smith wrote:
>
> > 9.1-RELEASE kernel with modules and vimage plus ipfw compiled in.
> > vnet jails running ipfw are logging to the host security file and
> > don't log any ipfw log messages to the hosts message file. Secondly
> > the vnet jails security and messages files never get populated with
> > ipfw log messages.
>
> Logging to the host's syslog rather than the jail's appears to be the
> main/real issue here, confirmed and demonstrated by Anders Hagman, see
> http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-May/005398.html

You have the incorrect conclusion. Let me reword what was stated in the
original PR to give a clearer picture of the PR.

IPFW log messages coming from an IPFW process running inside of a jail(8)
vnet jail are being written to the host's /etc/log/security file and not to
the vnet jail's /etc/log/security file. If the host is also running ipfw,
its logging messages are intermingled with those coming from the vnet jail
ipfw process. And yes, Anders Hagman did confirm this per the link you
provided.

>
> > logger command works. logged msg in both security and messages on host
> > vnet jail can ping the public internet.
> > Hosts security file has log messages from both jail and host.
> > ipfw log messages are not being put into the hosts messages file.
>
> Apart from certain admin messages such as ipfw initialization, 'limit N
> reached on rule X' and 'Entry X logging count reset.' ipfw log messages
> are never written to /var/log/messages but only to /var/log/security.
> Since you set verbose_limit=0, you shouldn't expect to see anything from
> ipfw in /var/log/messages, on either host or jail.

I don't know how you came to that conclusion. verbose_limit is not
mentioned in this PR. You are incorrect. verbose_limit is not set for this
PR test.

>
> > # /root >/var/log/security
> > empty file
> >
> > # /root >cat /var/log/messages
> > empty file
>
> Strange that there were not even normal bootup messages on the host?

That's because I deleted all content before running this test to make the
output simple. What purpose would showing boot messages serve?

>
> The rest serves to demonstrate the vnet jail logging-to-host issue.
>
> Ian