From: Rakhesh Sasidharan
To: Zbigniew Szalbot
Cc: freebsd-questions@freebsd.org
Date: Tue, 22 Jan 2008 21:15:02 +0400 (GST)
Subject: Re: pflogd log

Zbigniew Szalbot wrote:

> Hello,
>
> 2008/1/22, Rakhesh Sasidharan :
>>
>>> I noticed that pflog is not being written to.
>>>
>>> $ l /var/log/pflog
>>> -rw-r--r-- 1 root wheel 60 Jan 22 00:00 /var/log/pflog
>>>
>>> However, the process running pflogd runs as _pflogd. Does this mean I
>>> should chown the log file with user _pflogd?
>>
>> I don't think so. Had a look at my machine, /var/log/pflog has permissions
>> like on yours.
>>
>>> _pflogd 248 0.0 0.2 1632 1056 ?? S 6:49AM 0:01.31
>>> pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)
>>>
>>> To complete the picture:
>>>
>>> $ ps aux |grep pf
>>> root 36 0.0 0.0 0 8 ?? DL 6:49AM 0:01.04 [softdepflush]
>>> root 246 0.0 0.2 1568 1004 ?? Is 6:49AM 0:00.01
>>> pflogd: [priv] (pflogd)
>>> _pflogd 248 0.0 0.2 1632 1056 ?? S 6:49AM 0:01.32
>>> pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)
>>
>> I don't have pflogd: [suspended] though. It's pflogd: [running] for me.
>> Have you tried restart /etc/rc.d/pflog?
>
> Thanks! Need to find out what is going on. Have restarted pflogd but
> it is still showing suspend for me.

Try sending the pflogd process a HUP or ALRM signal. That should do the
trick.

Funny how I missed it the first time, but I had a look at the pflogd(8)
manpage once again and it talks about this problem. This is the para just
above the options section.

Let me know how it goes.

Also, just noticed now that my /var/log/pflog file doesn't have read perms
for the others group. Would suggest removing that and trying again.
Possible the extra perms are an issue.

Regards,
Rakhesh

---
http://rakhesh.net/
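
The two checks discussed in this message, written out as an added example that is not part of the original e-mail: it picks the unprivileged pflogd logger out of ps output by its [suspended] title, sends it the HUP suggested above, and reports the "other" permission bits on the log file. The function names, the `--live` switch and the sample ps text are assumptions made for illustration; the sample is constructed from the process listing quoted in the thread.

```shell
#!/bin/sh
# Constructed sample in the layout of `ps -axww -o pid,user,command`,
# modeled on the process listing quoted in the thread.
SAMPLE_PS='  PID USER    COMMAND
   36 root    [softdepflush]
  246 root    pflogd: [priv] (pflogd)
  248 _pflogd pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)'

# Read ps output on stdin and print "PID STATE" for each pflogd logger.
# The [priv] parent is skipped: the unprivileged child carries the
# [running] / [suspended] state in its process title.
pflogd_states() {
    awk '$3 == "pflogd:" && $4 ~ /^\[.*\]$/ && $4 != "[priv]" {
        print $1, substr($4, 2, length($4) - 2)
    }'
}

# Read ps output on stdin and print only the PIDs marked [suspended].
suspended_pids() {
    pflogd_states | awk '$2 == "suspended" { print $1 }'
}

# Print the "other" permission triplet of a file, e.g. r-- or ---.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

case "${1:-}" in
--live)
    # Assumption: run as root on the affected host.
    log=/var/log/pflog
    echo "other permissions on $log: $(other_bits "$log")"
    ps -axww -o pid,user,command | suspended_pids | while read -r pid; do
        echo "sending HUP to suspended pflogd, pid $pid"
        kill -HUP "$pid"
    done
    # Show the state again so the result of the signal is visible.
    ps -axww -o pid,user,command | pflogd_states
    ;;
*)
    # Default: dry run against the constructed sample only.
    printf '%s\n' "$SAMPLE_PS" | pflogd_states
    ;;
esac
```

Without arguments the script only parses the embedded sample; nothing is signalled unless `--live` is given.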