|
List Info
Thread: pflogd and newsyslog messages
|
|
| pflogd and newsyslog messages |
 
Australia |
2007-08-28 05:19:42 |
greetings all,
i had a few words with another person who posted a similar
report.
i do not think that this (what is happening is an error but
i cannot
find out why or understand how this is happening .. i would
appreciate
some assistance withe find out, please.
the machine is a recycle p5 133 mhz with buslogic (bt-958)
SCSI host
adapter, a couple of scsi drives (hdd and cd) and 64 mb
dram, a digital
21040 10 mhz nic (de0) std tsenglabs 4000 video card. this
makes for a
nice gateway/router machine. it has worked at this job for
some 15/20
years and sits behind a un-interuptable (sine-wave
conditioner and 2kva
battery. it started out with freebsd v2.0.5-release and is
now running
freebsd v6.2-release. it ran freebsd v2 from 199? (when it
was
released) untill a couple of months ago when i formated the
disk-drives
and did a clean disk installation of freebsd v6.2-release.
sorry i don not have much skill with freebsd v6 ad none with
pf ( i
have been a ipfw user, the one based on v2.0.5).
i noticed these log message entries in /var/log/debug.log
with this
entry.
Aug 25 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
Aug 26 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
Aug 27 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
Aug 28 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
i changed the /etc/newsyslog(5) entry so that it would
gather the data
in one file once a day, makes it easier to use tools like
ethereal to
view the days entries/data/happenings/stuff, when the
newsyslog entry
was as original this log entry would happen 3 or 4 times a
day, as per
my original reply to Michael and his error report, that is
why i
thought that my situation was like his, and it was an error
report.
uuum i am not, sorry, i do not know what is happening here,
would
somebody explain to me what is happening and why pflogd is
making this
log entry, please.
i looked at Google, there was only one entry but it was
associated with
an error situation, a fatal trap 12 in fact, mine is not
like that, it
appears to be pflogd telling me that it is doing, something,
i do not
understand. is it possible to turn this off ?? will it hide
something
if turn this off ??
kind regards
jonathan
please excuse my typing/spelling, english is not my first
language and
i am disabled from birth.
--
============================================================
====
powered by ..
QNX, OS9 and freeBSD -- http://caamora com au/operating
system
==== === appropriate solution in an inappropriate world ===
====
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|
|
| Re: pflogd and newsyslog messages |
 
Switzerland |
2007-08-28 05:42:47 |
On Tue, Aug 28, 2007 at 08:19:42PM +1000, jonathan michaels
wrote:
> Aug 25 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
> Aug 26 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
> Aug 27 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
> Aug 28 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
These are perfectly normal. Once every hour, per
/etc/crontab, your
cron(8) is calling newsyslog(8) to rotate log files
according to
/etc/newsyslog.conf, which by default contains
# logfilename [owner:group] mode count size when flags
[/pid_file] [sig_num]
/var/log/pflog 600 3 100 * JB
/var/run/pflogd.pid
If an invokation finds /var/log/pflog larger than 100 kB, it
will rotate
the file (rename the old file, create a new empty one) and
send the
pflogd process a SIGHUP signal. The signal tells pflogd to
re-open its
log file. This is necessary because the process doesn't open
and close
the file each time it appends an entry, but opens the file
only once on
startup and keeps appending through the open file handle.
Without a
signal, pflogd wouldn't close and reopen the log file, and
continue
appending to the old file. Depending on how newsyslog
rotated it, that
would mean either that the old file would continue to grow
or an
unlinked file (not visible with ls(1)) would grow until the
last open
file handle to it is closed (when pflogd dies).
pflogd is logging the receiption the signal with the debug
message you
quoted above. Usually, you wouldn't log debug level messages
to a file,
but you must have edited /etc/syslog.conf to do so. So, if
the messages
bother you, either don't log *.debug or specifically exclude
pflogd.
Daniel
_______________________________________________
freebsd-pffreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|
|
| Re: pflogd and newsyslog messages |
Australia |
2007-08-28 08:04:34 |
daniel,
thanks and appreciations fro your promt and timely
responce.
On Tue, Aug 28, 2007 at 12:42:47PM +0200, Daniel Hartmeier
wrote:
> On Tue, Aug 28, 2007 at 08:19:42PM +1000, jonathan
michaels wrote:
>
> > Aug 25 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
> > Aug 26 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
> > Aug 27 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
> > Aug 28 00:00:02 ???????? pflogd[350]: [priv]: msg
PRIV_OPEN_LOG received
>
> These are perfectly normal. Once every hour, per
/etc/crontab, your
> cron(8) is calling newsyslog(8) to rotate log files
according to
> /etc/newsyslog.conf, which by default contains
>
> # logfilename [owner:group] mode count size when
flags [/pid_file] [sig_num]
> /var/log/pflog 600 3 100 * JB
/var/run/pflogd.pid
>
> If an invokation finds /var/log/pflog larger than 100
kB, it will rotate
i changed mine to rotate the log at midnight, regardless of
teh file
size, it makes it easier for me to handle the files ( amongs
other
things i live with severe arthritis, that is why my typing
is bad
sometimes).
> the file (rename the old file, create a new empty one)
and send the
> pflogd process a SIGHUP signal. The signal tells pflogd
to re-open its
> log file. This is necessary because the process doesn't
open and close
> the file each time it appends an entry, but opens the
file only once on
> startup and keeps appending through the open file
handle. Without a
> signal, pflogd wouldn't close and reopen the log file,
and continue
> appending to the old file. Depending on how newsyslog
rotated it, that
> would mean either that the old file would continue to
grow or an
> unlinked file (not visible with ls(1)) would grow until
the last open
> file handle to it is closed (when pflogd dies).
>
> pflogd is logging the receiption the signal with the
debug message you
> quoted above. Usually, you wouldn't log debug level
messages to a file,
> but you must have edited /etc/syslog.conf to do so. So,
if the messages
> bother you, either don't log *.debug or specifically
exclude pflogd.
i don;t know enough to make those sorts of changes, my pf is
what came
with the freebsd that i installed, thank you for this
explanation, i
now understand what is going on and will make teh changes to
to keep
this out of teh log file
i have left teh question and yor answer in this post so that
it goes
into the file/archive so that other people like me, (pf
beginners) will
be able to find yor answer, there is no place written this
answer.
again thank you and much appreciations
kind regards
jonathan
--
============================================================
====
powered by ..
QNX, OS9 and freeBSD -- http://caamora com au/operating
system
==== === appropriate solution in an inappropriate world ===
====
_______________________________________________
freebsd-pffreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|
|
[1-3]
|
|