Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 May 2013 13:50:01 GMT
From:      Ian Smith <smithi@nimnet.asn.au>
To:        freebsd-ipfw@FreeBSD.org
Subject:   Re: kern/178482: [ipfw] logging problem from vnet jail
Message-ID:  <201305221350.r4MDo178002963@freefall.freebsd.org>

Next in thread | Raw E-Mail | Index | Archive | Help
The following reply was made to PR kern/178482; it has been noted by GNATS.

From: Ian Smith <smithi@nimnet.asn.au>
To: bug-followup@FreeBSD.org, fbsd8@a1poweruser.com
Cc:  
Subject: Re: kern/178482: [ipfw] logging problem from vnet jail
Date: Wed, 22 May 2013 23:44:40 +1000

   > 9.1-RELEASE kernel with modules and vimage plus ipfw compiled in.
   > vnet jails running ipfw are logging to the host security file and
   > don't log any ipfw log messages to the hosts message file. Secondly
   > the vnet jails security and messages files never get populated with
   > ipfw log messages.
 
 Logging to the host's syslog rather than the jail's appears to be the
 main/real issue here, confirmed and demonstrated by Anders Hagman, see
 http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-May/005398.html
 
   > logger command works. logged msg in both security and messages on
   > host
   > vnet jail can ping the public internet.
   > Hosts security file has log messages from both jail and host.
   > ipfw log messages are not being put into the hosts messages file.
 
 Apart from certain admin messages such as ipfw initialisation, 'limit N 
 reached on rule X' and 'Entry X logging count reset.' ipfw log messages 
 are never written to /var/log/messages but only to /var/log/security. 
 Since you set verbose_limit=0, you shouldn't expect to see anything from 
 ipfw in /var/log/messages, on either host or jail.
 
   > # /root >/var/log/security
   > empty file
   >
   > # /root >cat /var/log/messages
   > empty file
 
 Strange that there were not even normal bootup messages on the host?
 
 The rest serves to demonstrate the vnet jail logging-to-host issue.
 
 Ian



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?201305221350.r4MDo178002963>