Date: Wed, 22 May 2013 13:50:01 GMT From: Ian Smith <smithi@nimnet.asn.au> To: freebsd-ipfw@FreeBSD.org Subject: Re: kern/178482: [ipfw] logging problem from vnet jail Message-ID: <201305221350.r4MDo178002963@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/178482; it has been noted by GNATS. From: Ian Smith <smithi@nimnet.asn.au> To: bug-followup@FreeBSD.org, fbsd8@a1poweruser.com Cc: Subject: Re: kern/178482: [ipfw] logging problem from vnet jail Date: Wed, 22 May 2013 23:44:40 +1000 > 9.1-RELEASE kernel with modules and vimage plus ipfw compiled in. > vnet jails running ipfw are logging to the host security file and > don't log any ipfw log messages to the hosts message file. Secondly > the vnet jails security and messages files never get populated with > ipfw log messages. Logging to the host's syslog rather than the jail's appears to be the main/real issue here, confirmed and demonstrated by Anders Hagman, see http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-May/005398.html > logger command works. logged msg in both security and messages on > host > vnet jail can ping the public internet. > Hosts security file has log messages from both jail and host. > ipfw log messages are not being put into the hosts messages file. Apart from certain admin messages such as ipfw initialisation, 'limit N reached on rule X' and 'Entry X logging count reset.' ipfw log messages are never written to /var/log/messages but only to /var/log/security. Since you set verbose_limit=0, you shouldn't expect to see anything from ipfw in /var/log/messages, on either host or jail. > # /root >/var/log/security > empty file > > # /root >cat /var/log/messages > empty file Strange that there were not even normal bootup messages on the host? The rest serves to demonstrate the vnet jail logging-to-host issue. Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305221350.r4MDo178002963>