i'm using FreeBSD v6.2-RELEASE + pf + pflog.

firewall works great, and i can watch real-time output on logging_device:pflog0 with,

    tcpdump -tttt -nei pflog0

i'd like to archive & rotate the logs as well, so, following instructions at,

    "Packet Logging Through Syslog"
    http://www.openbsd.org/faq/pf/logging.html

i've -- supposedly -- set up for pf to log in ASCII to /var/log/pflog.txt etc etc

when i start pf, I see in the logs dir,

    ls -al *pf*
    -rw------- 1 root wheel 24 Apr 23 13:30 pflog
    -rw------- 1 root wheel 0 Apr 23 13:20 pflog.txt

which, as time passes, show 'pflog' growing as expected,

    ls -al *pf*
    -rw------- 1 root wheel 1056 Apr 23 13:45 pflog
    -rw------- 1 root wheel 0 Apr 23 13:20 pflog.txt

if i exec the /etc/pflogrotate script either manually @ shell, or via cron, i see,

    reading from file /var/log/pflog5min.200704231347, link-type PFLOG (OpenBSD pflog file)

but immediately afterwards, checking in the log dir, i see only,

    ls -alt /var/log/*pf*
    -rw------- 1 root wheel 24 Apr 23 13:48 pflog
    -rw------- 1 root wheel 0 Apr 23 13:47 pflog.txt

with no trace of the rolled log :-/

if i allow the top of the hour to pass, the newsyslog cron job fires, after which i see,

    ls -alt /var/log/*pf*
    -rw------- 1 root wheel 24 Apr 23 14:00 /var/log/pflog
    -rw------- 1 root wheel 62 Apr 23 14:00 /var/log/pflog.txt
    -rw------- 1 root wheel 62 Apr 23 14:00 /var/log/pflog.txt.0

where,

    cat /var/log/pflog.txt.0
    Apr 23 14:00:00 router newsyslog[36971]: logfile turned over

bottom line -- i'm not getting my ascii-based pf-logs anywhere.

any suggestions as to what i'm missing would be appreciated :-/

thanks!

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf