From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 15:55:23 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0669A16A4CE for ; Thu, 16 Sep 2004 15:55:23 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id 51BAB43D58 for ; Thu, 16 Sep 2004 15:55:18 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.155] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1C7ybM-00022U-00; Thu, 16 Sep 2004 17:55:16 +0200 Received: from [217.83.2.225] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1C7ybM-00059Y-00; Thu, 16 Sep 2004 17:55:16 +0200 From: Max Laier To: freebsd-pf@freebsd.org Date: Thu, 16 Sep 2004 17:53:51 +0200 User-Agent: KMail/1.7 References: <58653.81.84.174.8.1095267239.squirrel@81.84.174.8> <4149AE26.6010103@veldy.net> In-Reply-To: <4149AE26.6010103@veldy.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1549983.L2jxta1OzG"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200409161754.09205.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: Hugo Silva Subject: Re: pf not logging on 5.3-BETA3 ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Sep 2004 15:55:23 -0000 --nextPart1549983.L2jxta1OzG Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 16 September 2004 17:15, Thomas T. Veldhouse wrote: > Hugo Silva wrote: > >Hi, > > > >I can't make pf log to a logfile on the 5.3-BETA3. I didn't have any > >problems with this on 5.2.1-RELEASE-p9 using the port.. > > > >I can access pflog0 and there I will see entries that are matching the > >blocks, but I can't tail /var/log/pflog (empty). > > > >I've added device pf, pfsync, pflog to the kernel, and have the following > >on rc.conf: > > > >pf_enable=3D"YES" > >pf_logd=3D"YES" > >pflog_logfile=3D"/var/log/pflog" > >pf_rules=3D"/etc/pf.conf" > > > >The ruleset won't load automatically either (I think it should be > >pf_conf=3D, but /etc/defaults/rc.conf shows pf_rules ...). pflogd won't > >start, if I start it by hand it won't work either (starts, exits)... Okay, have you guys read UPDATING? > 20040623: > pf was updated to OpenBSD-stable 3.5 and pflogd(8) is privilege > separated now. It uses the newly created "_pflogd" user/group > combination. If you plan to use pflogd(8) make sure to run > mergemaster -p or install the "_pflogd" user and group manually. > >The /var/log/pflog file is there, owned root:wheel. But no entries are > >being added to the log. If I try to see it like: > > > >[root@evilreborn:/usr/src/sys/i386/conf]# pflog > >tcpdump: WARNING: pflog0: no IPv4 address assigned > >tcpdump: verbose output suppressed, use -v or -vv for full protocol deco= de > >listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size = 96 > >bytes > > > >it works (btw, i had to ifconfig pflog0 up or it wouldn't work, this is > > dumb) > > > >But it won't write the blocked/logged entries to the logfile. Am I missi= ng > >something obvious here? > > I am seeing these same issue. PF is working just fine, but > /var/log/pflog is only 24 bytes long and full of garbage. Remove this before retrying ...=20 > FreeBSD fuggle.veldy.net 5.3-BETA4 FreeBSD 5.3-BETA4 #1: Tue Sep 14 > 22:08:40 CDT 2004 > veldy@fuggle.veldy.net:/usr/src/sys/i386/compile/FUGGLE i386 > > Tom Veldhouse =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1549983.L2jxta1OzG Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBSbchXyyEoT62BG0RAn7TAJ9ObjUhdoyS214RPAzaK0DMYhKPOwCfVDsv y2IqrsjKKJVt8sdVvfllDYo= =TfQx -----END PGP SIGNATURE----- --nextPart1549983.L2jxta1OzG--