From owner-freebsd-questions@FreeBSD.ORG  Sat Sep 18 19:36:45 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id DEB9316A4CE; Sat, 18 Sep 2004 19:36:44 +0000 (GMT)
Received: from mail.revolutionsp.com (ganymede.revolutionsp.com [64.246.0.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 47D4643D2F; Sat, 18 Sep 2004 19:36:44 +0000 (GMT)
	(envelope-from klr@6s-gaming.com)
Received: from mail.revolutionsp.com (localhost [127.0.0.1])
	by mail.revolutionsp.com (Postfix) with ESMTP id C35FE15C95;
	Sat, 18 Sep 2004 16:34:01 +0000 (GMT)
Received: from 81.84.174.8
        (SquirrelMail authenticated user klr@6s-gaming.com);
        by mail.revolutionsp.com with HTTP;
        Sat, 18 Sep 2004 16:34:01 -0000 (GMT)
Message-ID: <62049.81.84.174.8.1095525241.squirrel@81.84.174.8>
In-Reply-To: <200409180203.09842.max@love2party.net>
References: <58653.81.84.174.8.1095267239.squirrel@81.84.174.8>
    <61203.81.84.174.8.1095446951.squirrel@81.84.174.8>
    <61210.81.84.174.8.1095447094.squirrel@81.84.174.8>
    <200409180203.09842.max@love2party.net>
Date: Sat, 18 Sep 2004 16:34:01 -0000 (GMT)
From: "Hugo Silva" <klr@6s-gaming.com>
To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org,
	freebsd-current@freebsd.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: Re: pf not logging on 5.3-BETA3 ? [more info]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Sep 2004 19:36:45 -0000


> On Friday 17 September 2004 20:51, Hugo Silva wrote:
>>  Did you put in "device pflog" as well? What does "$ifconfig pflog0"
>> say?
>>
>> [root@evilreborn:/home/klr]# ifconfig pflog0
>> pflog0: flags=41<UP,RUNNING> mtu 33208
>
> Okay, for some reason pflogd is *not* running! Otherwise you'd have pflog0
> in
> PROMIC mode:
>  pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
> so we have to find out why it is not. Try starting it by hand and watch
> your
> daemon log closely. I can't reproduce the problem in any system (be it
> BETA3
> from disc, RELENG_5 or CURRENT) so I am afraid that something is wrong
> with
> your setup. Nontheless this *should* not happen ...
>
> If the problem is persistent, please file a PR reconstructing possible
> much
> information about how you got the system into the stage it is now (i.e.
> how
> did you install/update?). Thanks
>

Hey,

pflogd seems to start with the system (pf_logd set), but it exits. Same as
if I do it manually:

[root@evilreborn:/usr/local/etc/rc.d]# pflogd
[root@evilreborn:/usr/local/etc/rc.d]# ps aux | grep pflogd
root 14806  0.0  0.3   348  208  p0  R+    8:30PM   0:00.00 grep pflogd

[root@evilreborn:/usr/local/etc/rc.d]# which pflogd
/sbin/pflogd
[root@evilreborn:/usr/local/etc/rc.d]# file /sbin/pflogd
/sbin/pflogd: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD),
for FreeBSD 5.3, dynamically linked (uses shared libs), stripped

-

/var/log/messages shows this whenever i try to run pflogd:

Sep 18 20:31:47 evilreborn kernel: pflog0: promiscuous mode enabled
Sep 18 20:31:47 evilreborn kernel: pflog0: promiscuous mode disabled

Another oddity, I had to add ifconfig pflog0 up to a startup script to
make my pflog (read logs on pflog0 normally..) work, else it would
complain:

[root@evilreborn:/usr/local/etc/rc.d]# pflog
tcpdump: BIOCSETIF: pflog0: Network is down

I don't remember having to ifconfig pflog0 up on 5.2.1-RELEASE-p9 (another
server) with pf from ports.


I updated from 5.2.1-RELEASE (installed by cdrom) to RELENG_5 (BETA3 at
the time) by cvsup.

>> If more info is needed, let me know. I don't think this is an obvious
>> mistake of me (altough it could be, I haven't looked to this problem in
>> the last days, must take some time to look more carefully at it).
>>
>> As a reminder, the system is:
>> FreeBSD evilreborn 5.3-BETA3 FreeBSD 5.3-BETA3 #0: Wed Sep 15 19:18:51
>> WEST 2004
>> klr@evilreborn:/usr/src/sys/i386/compile/evilreborn53-kernel
>>  i386
>>
>> >> --
>> >> /"\  Best regards,                      | mlaier@freebsd.org
>> >> \ /  Max Laier                          | ICQ #67774661
>> >>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
>> >> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>>
>> Best Regards,
>>
>> Hugo
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>


-- 
www.6s-gaming.com