Date: Thu, 16 Sep 2004 17:53:51 +0200 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Cc: Hugo Silva <klr@6s-gaming.com> Subject: Re: pf not logging on 5.3-BETA3 ? Message-ID: <200409161754.09205.max@love2party.net> In-Reply-To: <4149AE26.6010103@veldy.net> References: <58653.81.84.174.8.1095267239.squirrel@81.84.174.8> <4149AE26.6010103@veldy.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thursday 16 September 2004 17:15, Thomas T. Veldhouse wrote: > Hugo Silva wrote: > >Hi, > > > >I can't make pf log to a logfile on the 5.3-BETA3. I didn't have any > >problems with this on 5.2.1-RELEASE-p9 using the port.. > > > >I can access pflog0 and there I will see entries that are matching the > >blocks, but I can't tail /var/log/pflog (empty). > > > >I've added device pf, pfsync, pflog to the kernel, and have the following > >on rc.conf: > > > >pf_enable="YES" > >pf_logd="YES" > >pflog_logfile="/var/log/pflog" > >pf_rules="/etc/pf.conf" > > > >The ruleset won't load automatically either (I think it should be > >pf_conf=, but /etc/defaults/rc.conf shows pf_rules ...). pflogd won't > >start, if I start it by hand it won't work either (starts, exits)... Okay, have you guys read UPDATING? > 20040623: > pf was updated to OpenBSD-stable 3.5 and pflogd(8) is privilege > separated now. It uses the newly created "_pflogd" user/group > combination. If you plan to use pflogd(8) make sure to run > mergemaster -p or install the "_pflogd" user and group manually. > >The /var/log/pflog file is there, owned root:wheel. But no entries are > >being added to the log. If I try to see it like: > > > >[root@evilreborn:/usr/src/sys/i386/conf]# pflog > >tcpdump: WARNING: pflog0: no IPv4 address assigned > >tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > >listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 > >bytes > > > >it works (btw, i had to ifconfig pflog0 up or it wouldn't work, this is > > dumb) > > > >But it won't write the blocked/logged entries to the logfile. Am I missing > >something obvious here? > > I am seeing these same issue. PF is working just fine, but > /var/log/pflog is only 24 bytes long and full of garbage. Remove this before retrying ... > FreeBSD fuggle.veldy.net 5.3-BETA4 FreeBSD 5.3-BETA4 #1: Tue Sep 14 > 22:08:40 CDT 2004 > veldy@fuggle.veldy.net:/usr/src/sys/i386/compile/FUGGLE i386 > > Tom Veldhouse -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBSbchXyyEoT62BG0RAn7TAJ9ObjUhdoyS214RPAzaK0DMYhKPOwCfVDsv y2IqrsjKKJVt8sdVvfllDYo= =TfQx -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409161754.09205.max>