Date:      Tue, 28 Aug 2007 23:04:34 +1000
From:      jonathan michaels <jlm@caamora.com.au>
To:        Daniel Hartmeier <daniel@benzedrine.cx>
Cc:        freebsd-pf <freebsd-pf@freebsd.org>
Subject:   Re: pflogd and newsyslog messages
Message-ID:  <20070828230434.49695@caamora.com.au>
In-Reply-To: <20070828104247.GG18273@insomnia.benzedrine.cx>; from Daniel Hartmeier on Tue, Aug 28, 2007 at 12:42:47PM +0200
References:  <20070828201942.07894@caamora.com.au> <20070828104247.GG18273@insomnia.benzedrine.cx>


daniel,

thanks and appreciations for your prompt and timely response.

On Tue, Aug 28, 2007 at 12:42:47PM +0200, Daniel Hartmeier wrote:
> On Tue, Aug 28, 2007 at 08:19:42PM +1000, jonathan michaels wrote:
> 
> > Aug 25 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received
> > Aug 26 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received
> > Aug 27 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received
> > Aug 28 00:00:02 ???????? pflogd[350]: [priv]: msg PRIV_OPEN_LOG received
> 
> These are perfectly normal. Once every hour, per /etc/crontab, your
> cron(8) is calling newsyslog(8) to rotate log files according to
> /etc/newsyslog.conf, which by default contains
> 
>   # logfilename  [owner:group] mode count size when  flags [/pid_file] [sig_num]
>   /var/log/pflog               600  3     100  *     JB    /var/run/pflogd.pid
> 
> If an invocation finds /var/log/pflog larger than 100 kB, it will rotate

i changed mine to rotate the log at midnight, regardless of the file
size, it makes it easier for me to handle the files (amongst other
things i live with severe arthritis, that is why my typing is bad
sometimes).

> the file (rename the old file, create a new empty one) and send the
> pflogd process a SIGHUP signal. The signal tells pflogd to re-open its
> log file. This is necessary because the process doesn't open and close
> the file each time it appends an entry, but opens the file only once on
> startup and keeps appending through the open file handle. Without a
> signal, pflogd wouldn't close and reopen the log file, and continue
> appending to the old file. Depending on how newsyslog rotated it, that
> would mean either that the old file would continue to grow or an
> unlinked file (not visible with ls(1)) would grow until the last open
> file handle to it is closed (when pflogd dies).
> 
> pflogd is logging the reception of the signal with the debug message you
> quoted above. Usually, you wouldn't log debug level messages to a file,
> but you must have edited /etc/syslog.conf to do so. So, if the messages
> bother you, either don't log *.debug or specifically exclude pflogd.

i don't know enough to make those sorts of changes, my pf is what came
with the freebsd that i installed, thank you for this explanation, i
now understand what is going on and will make the changes to keep
this out of the log file

i have left the question and your answer in this post so that it goes
into the file/archive so that other people like me (pf beginners) will
be able to find your answer, there is no place where this answer is written.
again thank you and much appreciations

kind regards

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
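
The rotation behaviour described in the quoted reply, as an added example that is not part of the original message and is not pflogd's source. It shows where an entry lands after the log is renamed, with and without SIGHUP; the function names and the temporary directory with its pflog and pflog.0 files are constructed for the demo.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct sizes { long rotated, current; };   /* bytes in pflog.0 and in pflog */
static volatile sig_atomic_t got_hup;
static char cur[64], old[64];
static int log_fd = -1;

static void on_hup(int sig) { (void)sig; got_hup = 1; }   /* only sets a flag */
static long fsize(const char *p) { struct stat st; return stat(p, &st) ? -1 : (long)st.st_size; }

/* Append through the long-lived descriptor; reopen by name only after SIGHUP. */
static void log_entry(const char *msg) {
    if (got_hup) {
        got_hup = 0;
        close(log_fd);
        log_fd = open(cur, O_WRONLY | O_APPEND | O_CREAT, 0600);
    }
    if (write(log_fd, msg, strlen(msg)) < 0) perror("write");
}

/* One rotation cycle in a constructed temporary directory, not /var/log. */
struct sizes rotation_demo(int send_hup) {
    char dir[] = "/tmp/rotdemo.XXXXXX";
    if (mkdtemp(dir) == NULL) return (struct sizes){ -1, -1 };
    snprintf(cur, sizeof cur, "%s/pflog", dir);
    snprintf(old, sizeof old, "%s/pflog.0", dir);
    signal(SIGHUP, on_hup);
    log_fd = open(cur, O_WRONLY | O_APPEND | O_CREAT, 0600);   /* once, at startup */
    log_entry("entry 1\n");
    rename(cur, old);                              /* rotation renames the old file */
    close(open(cur, O_WRONLY | O_CREAT, 0600));    /* and creates a new empty one */
    if (send_hup) raise(SIGHUP);                   /* the signal sent after rotating */
    log_entry("entry 2\n");
    close(log_fd);
    struct sizes r = { fsize(old), fsize(cur) };
    unlink(old); unlink(cur); rmdir(dir);
    return r;
}

int main(void) {
    struct sizes a = rotation_demo(0), b = rotation_demo(1);
    printf("no SIGHUP: pflog.0=%ld pflog=%ld\n", a.rotated, a.current);
    printf("SIGHUP:    pflog.0=%ld pflog=%ld\n", b.rotated, b.current);
}
```

Without the signal both entries end up in the renamed file and the new pflog stays empty; with it the second entry goes to the new file.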
