From owner-freebsd-questions@FreeBSD.ORG  Tue Jan 22 16:29:29 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9A50516A46D
	for <freebsd-questions@freebsd.org>;
	Tue, 22 Jan 2008 16:29:29 +0000 (UTC)
	(envelope-from rakhesh@rakhesh.com)
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.224])
	by mx1.freebsd.org (Postfix) with ESMTP id 7728A13C442
	for <freebsd-questions@freebsd.org>;
	Tue, 22 Jan 2008 16:29:29 +0000 (UTC)
	(envelope-from rakhesh@rakhesh.com)
Received: by nz-out-0506.google.com with SMTP id l8so1387694nzf.13
	for <freebsd-questions@freebsd.org>;
	Tue, 22 Jan 2008 08:29:28 -0800 (PST)
Received: by 10.110.32.9 with SMTP id f9mr3749621tif.32.1201019366276;
	Tue, 22 Jan 2008 08:29:26 -0800 (PST)
Received: from smtp.home.rakhesh.com ( [82.178.100.29])
	by mx.google.com with ESMTPS id i12sm17124631wxd.31.2008.01.22.08.29.23
	(version=TLSv1/SSLv3 cipher=OTHER);
	Tue, 22 Jan 2008 08:29:25 -0800 (PST)
Received: from dogmatix (dogmatix [192.168.17.31])
	by smtp.home.rakhesh.com (Postfix) with ESMTP id A7AC01140D
	for <freebsd-questions@freebsd.org>;
	Tue, 22 Jan 2008 20:29:18 +0400 (GST)
Date: Tue, 22 Jan 2008 20:29:18 +0400 (GST)
X-X-Sender: rakhesh@dogmatix.home.rakhesh.com
To: freebsd-questions@freebsd.org
In-Reply-To: <94136a2c0801220259x1b7dd4efw7a8fc1e8a60d2cc9@mail.gmail.com>
Message-ID: <20080122202158.R45709@dogmatix.home.rakhesh.com>
References: <94136a2c0801220259x1b7dd4efw7a8fc1e8a60d2cc9@mail.gmail.com>
X-Blog: http://rakhesh.com/
X-Notes: http://rakhesh.net/
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
From: Rakhesh Sasidharan <rakhesh@rakhesh.com>
Subject: Re: pflogd log
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jan 2008 16:29:29 -0000


> I noticed that pflog is not being written to.
>
> $ l /var/log/pflog
> -rw-r--r--  1 root  wheel  60 Jan 22 00:00 /var/log/pflog
>
> However, the process running pflogd runs as _pflogd. Does this mean I
> should chown the log file with user _pflogd?

I don't think so. Had a look at my machine, /var/log/pflog has permissions 
like on yours.

> _pflogd    248  0.0  0.2  1632  1056  ??  S     6:49AM   0:01.31
> pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)
>
> To complete the picture:
>
> $ ps aux |grep pf
> root        36  0.0  0.0     0     8  ??  DL    6:49AM   0:01.04 [softdepflush]
> root       246  0.0  0.2  1568  1004  ??  Is    6:49AM   0:00.01
> pflogd: [priv] (pflogd)
> _pflogd    248  0.0  0.2  1632  1056  ??  S     6:49AM   0:01.32
> pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)

I don't have pflogd: [suspended] though. Its pflogd: [running] for me. 
Have you tried restart /etc/rc.d/pflog?

Sorry, couldn't be of much help.

Regards,
Rakhesh

---
http://rakhesh.net/