Date:      Mon, 23 Apr 2007 15:11:12 -0700
From:      snowcrash <schneecrash+pf@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   logging pf in ASCII via syslog -- logs not saved
Message-ID:  <70f41ba20704231511u2b7a1497y9063ec0d8eca6cbf@mail.gmail.com>

i'm using FreeBSD v6.2-RELEASE + pf + pflog.

firewall works great, and i can watch real-time output on
logging_device:pflog0 with,

	tcpdump -tttt -nei pflog0


i'd like to archive & rotate the logs as well, so, following instructions at,

	"Packet Logging Through Syslog"
	http://www.openbsd.org/faq/pf/logging.html

i've -- supposedly -- set up pf to log in ASCII to /var/log/pflog.txt etc etc

when i start pf, I see in the logs dir,

  ls -al *pf*
    -rw-------  1 root  wheel  24 Apr 23 13:30 pflog
    -rw-------  1 root  wheel   0 Apr 23 13:20 pflog.txt

which, as time passes, show 'pflog' growing as expected,

  ls -al *pf*
    -rw-------  1 root  wheel 1056 Apr 23 13:45 pflog
    -rw-------  1 root  wheel    0 Apr 23 13:20 pflog.txt

if i exec the /etc/pflogrotate script either manually @ shell, or via
cron, i see,

	reading from file /var/log/pflog5min.200704231347, link-type PFLOG (OpenBSD pflog file)

but immediately afterwards, checking in the log dir, i see only,

  ls -alt /var/log/*pf*
    -rw-------  1 root  wheel  24 Apr 23 13:48 pflog
    -rw-------  1 root  wheel   0 Apr 23 13:47 pflog.txt

with no trace of the rolled log :-/

if i allow the top of the hour to pass, the newsyslog cron job fires,
after which i see,

  ls -alt /var/log/*pf*
    -rw-------  1 root  wheel  24 Apr 23 14:00 /var/log/pflog
    -rw-------  1 root  wheel  62 Apr 23 14:00 /var/log/pflog.txt
    -rw-------  1 root  wheel  62 Apr 23 14:00 /var/log/pflog.txt.0

where,

  cat /var/log/pflog.txt.0
    Apr 23 14:00:00 router newsyslog[36971]: logfile turned over

bottom line -- i'm not getting my ascii-based pf-logs anywhere.

any suggestions as to what i'm missing would be appreciated :-/

thanks!
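For readers following the same FAQ recipe, here is an added example (not code from the post above, and not the FAQ's script verbatim) of a pflogrotate-style script modelled on the "Packet Logging Through Syslog" approach: the rotated binary pflog is decoded with tcpdump, every line is handed to syslogd with logger, and the temporary file is then removed, so the only durable copy of the packets is whatever syslogd writes for the chosen facility. The script adds a `check` mode that sends a marker line through the same facility and looks for it in the ASCII file, which separates "pflogrotate ran" from "syslogd routes this facility to pflog.txt". The paths, the pidfile location (/var/run/pflogd.pid), the facility local0.info and the 24-byte header size are assumptions taken from that FAQ approach; match them to your own syslog.conf.

```shell
#!/bin/sh
# Added example, not part of the original post. A pflogrotate-style script
# modelled on the OpenBSD FAQ "Packet Logging Through Syslog" approach, with
# a self-check of the syslog delivery path. All paths, the facility and the
# header size below are assumptions; adjust them to your system.

PFLOG=/var/log/pflog            # binary capture written by pflogd (assumed)
PFLOG_TXT=/var/log/pflog.txt    # ASCII file named in syslog.conf (assumed)
PIDFILE=/var/run/pflogd.pid     # pflogd pidfile (assumed)
FACILITY=local0.info            # must match the syslog.conf selector (assumed)
HEADER_BYTES=24                 # an empty pflog is only the pcap file header

# Return 0 (true) when the binary pflog holds nothing beyond the pcap header,
# i.e. there is nothing worth rotating yet.
pflog_is_empty() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -le "$HEADER_BYTES" ]
}

# Decode a rotated binary pflog to ASCII and hand each line to syslogd.
# The temporary file is deleted afterwards, which is why no "rolled log"
# remains on disk: the ASCII lines live only where syslogd puts $FACILITY.
feed_to_syslog() {
    tcpdump -n -e -ttt -r "$1" | logger -t pf -p "$FACILITY"
    rm -f "$1"
}

# Verify that syslogd routes $FACILITY into $PFLOG_TXT by sending a marker
# line through the same path the packets take. If this fails, rotation
# silently discards packets even though the script itself ran fine.
check_syslog_path() {
    marker="pflog-syslog-check-$$"
    logger -t pf -p "$FACILITY" "$marker"
    sleep 1
    grep -q "$marker" "$PFLOG_TXT"
}

# One rotation cycle: flush pflogd, move the capture aside, let pflogd
# reopen a fresh file, then feed the old capture to syslog.
rotate() {
    file="/var/log/pflog5min.$(date +%Y%m%d%H%M)"
    kill -ALRM "$(cat "$PIDFILE")"      # pflogd flushes buffered packets
    if pflog_is_empty "$PFLOG"; then
        return 0                        # header only: nothing to rotate
    fi
    mv "$PFLOG" "$file"
    kill -HUP "$(cat "$PIDFILE")"       # pflogd reopens a new $PFLOG
    feed_to_syslog "$file"
}

case "${1:-}" in
    check)  check_syslog_path && echo "syslog path OK: $FACILITY -> $PFLOG_TXT" ;;
    rotate) rotate ;;
esac
```

Run `sh pflogrotate.sh check` once after editing syslog.conf (the selector line pairs the facility with the ASCII file, e.g. `local0.info /var/log/pflog.txt`) and after signalling syslogd to reread it; only when the marker shows up in pflog.txt is it worth scheduling `sh pflogrotate.sh rotate` from cron. The 24-byte test mirrors what the listing in the post shows: a pflog of exactly 24 bytes is the pcap header with no packets behind it.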
