Date: Wed, 14 Nov 2007 18:19:18 +0200
From: Tobias Ernst <tobi@casino.uni-stuttgart.de>
To: freebsd-pf@freebsd.org
Subject: How to prevent FS overflow due to excessive logging?
Message-ID: <473B2006.8050000@casino.uni-stuttgart.de>

Hi all,

we have a default policy that logs all dropped packets. Accordingly, I have carefully adjusted my newsyslogd configuration and made sure there is plenty of space in /var/log.

Today, one of our computers started sending out UDP packets to a certain (seemingly unknown) IP address, port 7800. And it sent many of them - about 2 million within one hour. This led to a 3 GIG pflog file and of course made our file system overflow.

We are currently figuring out what that was, but there is another question that boggles me: how do I prevent such file system overflows in the future? With conventional syslogd logging, syslogd will not print out lines that are excessive repetitions of previous lines. Is there a way to make PF not log excessive repetitions? I do not want to disable UDP logging generally - after all I want to be told when things like this happen.

Regards
Tobias

-- 
Universität Stuttgart|Fakultät für Architektur und Stadtplanung|casinoIT
70174 Stuttgart Geschwister-Scholl-Straße 24D
T +49 (0)711 121-4228 F +49 (0)711 121-4276
E office@casino.uni-stuttgart.de I http://www.casino.uni-stuttgart.de
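
The syslogd-style repeat suppression the message refers to, applied to pf drop records that have already been decoded to text, as an added example that is not part of the original message. It is a reading aid, not a pf feature, and does not change what pf writes to /var/log/pflog; the record layout, the sample lines and the names `LINE_RE`, `flow_key` and `collapse` are assumptions made for illustration.

```python
import re

# Constructed sample, loosely modelled on the text `tcpdump -n -e -r <pflog file>`
# prints for pf's log; the exact layout is an assumption and varies by version.
SAMPLE = """\
18:01:00.000001 rule 0/0(match): block out on em0: 192.0.2.10.40001 > 198.51.100.7.7800: UDP, length 32
18:01:00.000950 rule 0/0(match): block out on em0: 192.0.2.10.40002 > 198.51.100.7.7800: UDP, length 32
18:01:00.001800 rule 0/0(match): block out on em0: 192.0.2.10.40003 > 198.51.100.7.7800: UDP, length 32
18:01:00.002700 rule 0/0(match): block out on em0: 192.0.2.10.40004 > 198.51.100.7.7800: UDP, length 32
18:01:00.500000 rule 0/0(match): block in on em0: 203.0.113.5.5353 > 192.0.2.1.53: UDP, length 40
18:01:00.600000 rule 0/0(match): block out on em0: 192.0.2.10.40005 > 198.51.100.7.7800: UDP, length 32
18:01:00.601000 rule 0/0(match): block out on em0: 192.0.2.10.40006 > 198.51.100.7.7800: UDP, length 32
truncated record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) rule \S+ (?P<action>\w+) (?P<dir>in|out) on (?P<ifc>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<proto>\w+)"
)

def flow_key(m):
    # Timestamp and source port change on every packet of a flood, so they
    # are left out; everything else must match for a record to be a "repeat".
    return tuple(m.group(g) for g in
                 ("action", "dir", "ifc", "src", "dst", "dport", "proto"))

def collapse(lines):
    """Keep the first record of each consecutive run of one flow and
    replace the rest of the run with a syslogd-style repeat count."""
    out, prev_key, repeats = [], None, 0
    for line in lines:
        m = LINE_RE.match(line)
        key = flow_key(m) if m else None  # unparsed lines are never merged
        if key is not None and key == prev_key:
            repeats += 1
            continue
        if repeats:
            out.append(f"last record repeated {repeats} times")
        out.append(line)
        prev_key, repeats = key, 0
    if repeats:
        out.append(f"last record repeated {repeats} times")
    return out

if __name__ == "__main__":
    print("\n".join(collapse(SAMPLE.splitlines())))
```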