Date: Sat, 17 Apr 2004 22:16:26 +0800 (MYT) From: Canggung Mendonan <mendonan@absolute-p.ath.cx> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: ipmon fills up partition Message-ID: <20040416230102.H2835@ybpnyubfg>
next in thread | raw e-mail | index | archive | help
Dear list, I use ipfilter exclusively in all the FreeBSD systems I ever set up / administer since FreeBSD 4.x at least. In addition, in all my systems I have a habit of logging ipfilter to a different file, by using the following setting in /etc/rc.conf:- ipmon_enable="YES" ipmon_flags="-D /var/log/ipflog" and rotating it in newsyslog.conf:- /var/log/ipflog 640 7 1000 * J Reason for this is I also turn on /var/log/all.log (logging everything), so default ipmon settings tend to clutter the logs. Anyway, since FreeBSD v5.x (been using it since a while before 5.0-RELEASE), in at least 3 of the machines I administer, rotation works fine, and ipmon resumes logging afterwards. However the partition where /var/log/ipflog resides gradually fills up, until 100% full. Curiously, killing ipmon process releases back the space taken. Adding /var/run/ipmon.pid at the end of newsyslog.conf line above stops the above symptom, but ipmon stopped logging after each rotation. My last resort is to cook up own rotation, as some ppl have done here:- http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=br00p7%24b9o%241%40FreeBSD.csie.NCTU.edu.tw&rnum=5&prev=/groups%3Fq%3Dipmon%2Brotation%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26scoring%3Dd But before that, any other ideas? Should I send-pr? Thanks. --mendonan "Yang mimpikan secangkir kopi panas dengan selimut.." (Dreaming of a cup of hot coffee, and a blanket..")
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040416230102.H2835>