Date: Thu, 16 Sep 2004 21:57:23 +0100
From: Bruno Afonso <brunomiguel@dequim.ist.utl.pt>
To: Max Laier <max@love2party.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf not logging on 5.3-BETA3 ?
Message-ID: <4149FE33.1050000@dequim.ist.utl.pt>
In-Reply-To: <200409162125.26588.max@love2party.net>
References: <58653.81.84.174.8.1095267239.squirrel@81.84.174.8> <4149C2E0.6000902@dequim.ist.utl.pt> <4149E738.8090300@veldy.net> <200409162125.26588.max@love2party.net>

Max Laier wrote:
> Are you sure that you have logging rules in place? And are you sure that these
> rules are matched? Please attach the output of "$pfctl -vvsr" if in doubt.
>
> Also, are you using the module or did you build pf into your kernel directly?
> Did you put in "device pflog" as well? What does "$ifconfig pflog0" say?

I'm having the same problem on a previous 5.2.1 with pf port, now BETA4 box.

Kernel has the following options:

device pf
device pflog
device pfsync

I didn't check using modules but /etc/rc.d/pflog start does not correctly start pflogd.

In addition:

- I see that scripts haven't put up pflog0. I set it up.
- Further investigating I realized that mergemaster does not see that I have missing _pflogd user in passwd(!). I add the user.
- "/etc/rc.d/pflogd start" does not do or produce any output
- pflogd as root works.
- "/etc/rc.d/pflogd stop" does not stop the service.

At this point, I was starting to believe the scripts were non-working. Then I set rc_debug="YES" in /etc/rc.conf and...

machine# /etc/rc.d/pflog stop
/etc/rc.d/pflog: DEBUG: checkyesno: pflog_enable is set to NO.

DOH!, I had pf_logd="Yes"

So, this line has changed from the port version of pf. :-)

/etc/rc.d/pflogd is now apparently working fine.

BA

--
Bruno Afonso
http://dequim.ist.utl.pt/~bruno/sciTocs/ - Bruno's SciTocs!
http://freebsd-pt.org/forum/ - Portuguese FreeBSD forum
