Jan: Your question is ignoring what I wrote, which is that pflogd is not started at all, so logging will not happen regardless of my ruleset. But yes, logging is enabled in pf.conf and yes, I can see the rules are being executed that should log via pf.control.
I didn't think as a reasonably experienced user, clearly comfortable playing with a snapshot, that I would need to say that, especially as I was pointing the discussion at the starting / not starting status of the daemon.

On Sun, Mar 24, 2013 at 10:22 AM, Jan Stary <h...@stare.cz> wrote:
> On Mar 24 10:13:05, thatseattle...@gmail.com wrote:
>> I'm playing with the latest 5.3 snapshot and I'm getting an
>> always-empty /var/log/pflog. I'm wondering if there's a problem with
>> the snapshot (unlikely) or something I did wrong in my configuration
>> (much more likely).
>>
>> ps -aux shows "pflogd" is not running, which I assume is the source of
>> the problem. In rc.conf (which I did not change of course) the pf
>> lines are:
>>
>> pf=YES # Packet filter / NAT
>> pf_rules=/etc/pf.conf # Packet filter rules file
>> pflogd_flags= # add more flags, e.g. "-s 256"
>>
>> And here's my rc.conf.local:
>>
>> ntpd_flags=""
>> hotplugd_flags=""
>> named_flags=""
>> check_quotas=NO
>>
>> That's it. Is there something I should be doing in rc.conf.local or
>> elsewhere to get pflogd running? (I could do pflogd_flags=YES, maybe,
>> but I thought that wasn't necessary, that pflogd would start
>> automagically if pf was enabled.)
>
> Do you actually log something in your pf.conf?
> Does such traffic actually occur?