
Re: /var/log/pflog is 0 bytes long

For anyone that might care and/or be interested, I've found a
work-around for this issue which keeps rearing its ugly head after all
this time. Doing a periodic kill -HUP results in a normal return to
proper logging. So, I managed to write a relatively simple cron rule to
start logging properly:

1 * * * * ps -o pid,command -cax|grep pflogd|sed  's/pflogd//g'|xargs kill -HUP

I'm sure that there is probably a more efficient means of doing this but
this does seem to be reliable.

On Fri, 2004-10-08 at 19:25, Raymond C. Rodgers wrote:
> Hi folks,
> 	I have an x86 system running an up to date v3.3 that seems to be
> experiencing some odd problems as of late. Twice within the last week I
> have gone to peruse the pflog file just to see what's there, and found
> that the file was 0 bytes long, and had been for several hours.
> Considering the tightness of my rules, and what I tend to log (almost
> everything coming in to or out of the network), I'm absolutely positive
> something should have been logged in the last 9 hours that it's been
> empty.
>  I've closed off ssh access from the outside world so that only my
> internal network has access to the host machine, but is this a possible
> sign of intrusion? Or could it be a bug?
>  The /var partition has plenty of disk space, so I'm sure that's not
> likely the problem... Thoughts? Ideas?
> Raymond
Raymond C. Rodgers <obsd_(_at_)_bbnk_(_dot_)_dhs_(_dot_)_org>
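
An added example, not part of the original post: a variant of the cron workaround above that sends HUP only when /var/log/pflog has been 0 bytes for longer than a threshold, and records each intervention in syslog so that gaps in firewall logging leave a trace. The 30-minute threshold, the function names, the script path and the `run` argument are assumptions, and find(1) is assumed to support -mmin.

```sh
#!/bin/sh
# Added example: HUP pflogd only when the log looks stuck.
# Hypothetical cron entry (path is an assumption):
#   */10 * * * * /usr/local/sbin/pflog-watchdog.sh run

PFLOG=${PFLOG:-/var/log/pflog}
MAX_IDLE_MIN=${MAX_IDLE_MIN:-30}    # assumed threshold, tune to your traffic

# Returns 0 when the file exists, is 0 bytes long, and was last
# modified more than $2 minutes ago; returns non-zero otherwise.
pflog_is_stuck() {
    file=$1
    minutes=$2
    [ -f "$file" ] || return 1
    [ ! -s "$file" ] || return 1
    [ -n "$(find "$file" -mmin +"$minutes" 2>/dev/null)" ]
}

# PIDs of processes whose command name is exactly "pflogd"
# (same ps flags as the cron line in the post, exact match instead of grep).
pflogd_pids() {
    ps -axc -o pid,command | awk '$2 == "pflogd" { print $1 }'
}

watchdog() {
    # Healthy or recently rotated log: do nothing.
    pflog_is_stuck "$PFLOG" "$MAX_IDLE_MIN" || return 0
    pids=$(pflogd_pids)
    if [ -z "$pids" ]; then
        logger -t pflog-watchdog "$PFLOG is empty and pflogd is not running"
        return 1
    fi
    logger -t pflog-watchdog "$PFLOG empty for >${MAX_IDLE_MIN}m, sending HUP to: $pids"
    # Unquoted on purpose: one argument per PID.
    kill -HUP $pids
}

# Act only when invoked with the "run" argument.
if [ "${1:-}" = "run" ]; then
    watchdog
fi
```

The syslog entries give a timestamped record of each period during which pflog was empty, which helps when reviewing whether traffic went unlogged.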