Date:      Wed, 22 May 2013 13:50:01 GMT
From:      Ian Smith <>
Subject:   Re: kern/178482: [ipfw] logging problem from vnet jail
Message-ID:  <>

The following reply was made to PR kern/178482; it has been noted by GNATS.

From: Ian Smith <>
Subject: Re: kern/178482: [ipfw] logging problem from vnet jail
Date: Wed, 22 May 2013 23:44:40 +1000

   > 9.1-RELEASE kernel with modules and vimage plus ipfw compiled in.
   > vnet jails running ipfw are logging to the host security file and
   > don't log any ipfw log messages to the host's message file. Secondly
   > the vnet jail's security and messages files never get populated with
   > ipfw log messages.
 Logging to the host's syslog rather than the jail's appears to be the
 main/real issue here, confirmed and demonstrated by Anders Hagman, see
   > logger command works. logged msg in both security and messages on
   > host
   > vnet jail can ping the public internet.
   > Host's security file has log messages from both jail and host.
   > ipfw log messages are not being put into the host's messages file.
 Apart from certain admin messages such as ipfw initialisation, 'limit N 
 reached on rule X' and 'Entry X logging count reset.' ipfw log messages 
 are never written to /var/log/messages but only to /var/log/security. 
 Since you set verbose_limit=0, you shouldn't expect to see anything from 
 ipfw in /var/log/messages, on either host or jail.
   > # /root >/var/log/security
   > empty file
   > # /root >cat /var/log/messages
   > empty file
 Strange that there were not even normal bootup messages on the host?
 The rest serves to demonstrate the vnet jail logging-to-host issue.
