Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 22 Jan 2008 21:15:02 +0400 (GST)
From:      Rakhesh Sasidharan <rakhesh@rakhesh.com>
To:        Zbigniew Szalbot <zszalbot@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: pflogd log
Message-ID:  <20080122211202.Q45709@dogmatix.home.rakhesh.com>
In-Reply-To: <94136a2c0801220845w6bbf50c9q7ba59052c72e871d@mail.gmail.com>
References:  <94136a2c0801220259x1b7dd4efw7a8fc1e8a60d2cc9@mail.gmail.com>  <20080122202158.R45709@dogmatix.home.rakhesh.com> <94136a2c0801220845w6bbf50c9q7ba59052c72e871d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Zbigniew Szalbot wrote:

> Hello,
>
> 2008/1/22, Rakhesh Sasidharan <rakhesh@rakhesh.com>:
>>
>>> I noticed that pflog is not being written to.
>>>
>>> $ l /var/log/pflog
>>> -rw-r--r--  1 root  wheel  60 Jan 22 00:00 /var/log/pflog
>>>
>>> However, the process running pflogd runs as _pflogd. Does this mean I
>>> should chown the log file with user _pflogd?
>>
>> I don't think so. Had a look at my machine, /var/log/pflog has permissions
>> like on yours.
>>
>>> _pflogd    248  0.0  0.2  1632  1056  ??  S     6:49AM   0:01.31
>>> pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)
>>>
>>> To complete the picture:
>>>
>>> $ ps aux |grep pf
>>> root        36  0.0  0.0     0     8  ??  DL    6:49AM   0:01.04 [softdepflush]
>>> root       246  0.0  0.2  1568  1004  ??  Is    6:49AM   0:00.01
>>> pflogd: [priv] (pflogd)
>>> _pflogd    248  0.0  0.2  1632  1056  ??  S     6:49AM   0:01.32
>>> pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)
>>
>> I don't have pflogd: [suspended] though. Its pflogd: [running] for me.
>> Have you tried restart /etc/rc.d/pflog?
>
> Thanks! Need to find out what is going on. Have restarted pflogd but
> it is still showing suspend for me.

Try sending the pflogd process a HUP or ALRM signal. That should do the 
trick. Funny how I missed it the first time, but I had a look at the 
pflogd(8) manpage once again and it talks about this problem.

This is the para just above the options section.

Let me know how it goes.

Also, just noticed now that my /var/log/pflog file doesn't have read perms 
for the others group. Would suggest removing that and trying again. 
Possible the extra perms are an issue.

Regards,
Rakhesh

---
http://rakhesh.net/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080122211202.Q45709>