Date: Tue, 28 Aug 2007 12:42:47 +0200 From: Daniel Hartmeier <daniel@benzedrine.cx> To: jonathan michaels <jon@caamora.com.au> Cc: freebsd-pf <freebsd-pf@freebsd.org> Subject: Re: pflogd and newsyslog messages Message-ID: <20070828104247.GG18273@insomnia.benzedrine.cx> In-Reply-To: <20070828201942.07894@caamora.com.au> References: <20070828201942.07894@caamora.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 28, 2007 at 08:19:42PM +1000, jonathan michaels wrote: > Aug 25 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received > Aug 26 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received > Aug 27 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received > Aug 28 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received These are perfectly normal. Once every hour, per /etc/crontab, your cron(8) is calling newsyslog(8) to rotate log files according to /etc/newsyslog.conf, which by default contains # logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] /var/log/pflog 600 3 100 * JB /var/run/pflogd.pid If an invokation finds /var/log/pflog larger than 100 kB, it will rotate the file (rename the old file, create a new empty one) and send the pflogd process a SIGHUP signal. The signal tells pflogd to re-open its log file. This is necessary because the process doesn't open and close the file each time it appends an entry, but opens the file only once on startup and keeps appending through the open file handle. Without a signal, pflogd wouldn't close and reopen the log file, and continue appending to the old file. Depending on how newsyslog rotated it, that would mean either that the old file would continue to grow or an unlinked file (not visible with ls(1)) would grow until the last open file handle to it is closed (when pflogd dies). pflogd is logging the receiption the signal with the debug message you quoted above. Usually, you wouldn't log debug level messages to a file, but you must have edited /etc/syslog.conf to do so. So, if the messages bother you, either don't log *.debug or specifically exclude pflogd. Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070828104247.GG18273>