From owner-freebsd-questions@FreeBSD.ORG Sat Apr 17 07:16:39 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A4FE916A4DA for ; Sat, 17 Apr 2004 07:16:39 -0700 (PDT) Received: from serve.wwwroot7.net (server.wwwroot7.net [216.180.224.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08B1743D62 for ; Sat, 17 Apr 2004 07:16:39 -0700 (PDT) (envelope-from mendonan@absolute-p.ath.cx) Received: from localhost ([127.0.0.1] helo=localhost.nusantara.net) by serve.wwwroot7.net with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 4.24) id 1BEqcW-0006h3-BP for freebsd-questions@freebsd.org; Sat, 17 Apr 2004 09:16:37 -0500 Received: from localhost (localhost [127.0.0.1])i3HEGRlk006861 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 17 Apr 2004 22:16:29 +0800 (MYT) (envelope-from mendonan@absolute-p.ath.cx) Date: Sat, 17 Apr 2004 22:16:26 +0800 (MYT) From: Canggung Mendonan To: "freebsd-questions@freebsd.org" Message-ID: <20040416230102.H2835@ybpnyubfg> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - serve.wwwroot7.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - absolute-p.ath.cx Subject: ipmon fills up partition X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2004 14:16:39 -0000 Dear list, I use ipfilter exclusively in all the FreeBSD systems I ever set up / administer since FreeBSD 4.x at least. In addition, in all my systems I have a habit of logging ipfilter to a different file, by using the following setting in /etc/rc.conf:- ipmon_enable="YES" ipmon_flags="-D /var/log/ipflog" and rotating it in newsyslog.conf:- /var/log/ipflog 640 7 1000 * J Reason for this is I also turn on /var/log/all.log (logging everything), so default ipmon settings tend to clutter the logs. Anyway, since FreeBSD v5.x (been using it since a while before 5.0-RELEASE), in at least 3 of the machines I administer, rotation works fine, and ipmon resumes logging afterwards. However the partition where /var/log/ipflog resides gradually fills up, until 100% full. Curiously, killing ipmon process releases back the space taken. Adding /var/run/ipmon.pid at the end of newsyslog.conf line above stops the above symptom, but ipmon stopped logging after each rotation. My last resort is to cook up own rotation, as some ppl have done here:- http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=br00p7%24b9o%241%40FreeBSD.csie.NCTU.edu.tw&rnum=5&prev=/groups%3Fq%3Dipmon%2Brotation%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26scoring%3Dd But before that, any other ideas? Should I send-pr? Thanks. --mendonan "Yang mimpikan secangkir kopi panas dengan selimut.." (Dreaming of a cup of hot coffee, and a blanket..")