Re: /var/log/pflog is 0 bytes long
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: /var/log/pflog is 0 bytes long
- From: "Raymond C. Rodgers" <obsd_(_at_)_bbnk_(_dot_)_dhs_(_dot_)_org>
- Date: Wed, 01 Dec 2004 20:36:05 -0800
For anyone that might care and/or be interested, I've found a
work-around for this issue which keeps rearing its ugly head after all
this time. Doing a periodic kill -HUP results in a normal return to
proper logging. So, I managed to write a relatively simple cron rule to
start logging properly:

    1 * * * * ps -o pid,command -cax|grep pflogd|sed 's/pflogd//g'|xargs kill -HUP

I'm sure that there is probably a more efficient means of doing this but
this does seem to be reliable.

Raymond

On Fri, 2004-10-08 at 19:25, Raymond C. Rodgers wrote:
> Hi folks,
> I have an x86 system running an up to date v3.3 that seems to be
> experiencing some odd problems as of late. Twice within the last week I
> have gone to peruse the pflog file just to see what's there, and found
> that the file was 0 bytes long, and had been for several hours.
> Considering the tightness of my rules, and what I tend to log (almost
> everything coming in to or out of the network), I'm absolutely positive
> something should have been logged in the last 9 hours that it's been
> empty.
>
> I've closed off ssh access from the outside world so that only my
> internal network has access to the host machine, but is this a possible
> sign of intrusion? Or could it be a bug?
>
> The /var partition has plenty of disk space, so I'm sure that's not
> likely the problem... Thoughts? Ideas?
>
> Raymond
--
Raymond C. Rodgers <obsd_(_at_)_bbnk_(_dot_)_dhs_(_dot_)_org>
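
A variant of the cron work-around described in the message above, as an added example that is not part of the original post: it sends the HUP only when the log has been empty for a while, and records each occurrence in syslog so that logging gaps can be reviewed later. The function names, the 60-minute threshold, the syslog tag and the availability of find -mmin are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the idle
# threshold and the syslog tag are assumptions made for illustration.

PFLOG=${PFLOG:-/var/log/pflog}
MAX_IDLE_MIN=${MAX_IDLE_MIN:-60}

# pflog_state FILE MINUTES -> prints: ok | missing | empty
# "empty" means 0 bytes AND not modified for more than MINUTES minutes,
# so a file that was only just rotated is not reported.
pflog_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    [ -s "$1" ] && { echo ok; return 0; }
    if [ -n "$(find "$1" -mmin +"$2" 2>/dev/null)" ]; then
        echo empty
    else
        echo ok
    fi
}

# pflogd_pids: reads "PID COMMAND" lines (ps -o pid,command -cax) on
# stdin and prints the PIDs whose command name is exactly "pflogd".
pflogd_pids() {
    awk '$2 == "pflogd" { print $1 }'
}

# pflog_watchdog FILE MINUTES: HUP pflogd only when the log looks dead,
# and leave a syslog record of the gap either way.
pflog_watchdog() {
    state=$(pflog_state "$1" "$2")
    [ "$state" = ok ] && return 0
    pids=$(ps -o pid,command -cax | pflogd_pids)
    logger -p daemon.warning -t pflog-watchdog \
        "$1 is $state; pflogd pids: ${pids:-none}"
    [ -z "$pids" ] && return 1
    # $pids is left unquoted on purpose: one argument per PID.
    kill -HUP $pids
}

# Run from cron as: /path/to/this-script run
case "${1:-}" in
    run) pflog_watchdog "$PFLOG" "$MAX_IDLE_MIN" ;;
esac
```

The syslog entries give a timeline of when the log was found empty, which can be compared against other records when deciding whether a gap was a daemon problem or something that needs investigating.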