Dear list,

I use ipfilter exclusively in all the FreeBSD systems I ever set up /
administer since FreeBSD 4.x at least. In addition, in all my systems I
have a habit of logging ipfilter to a different file, by using the
following setting in /etc/rc.conf:-

ipmon_enable="YES"
ipmon_flags="-D /var/log/ipflog"

and rotating it in newsyslog.conf:-

/var/log/ipflog         640  7     1000 *     J

Reason for this is I also turn on /var/log/all.log (logging everything),
so default ipmon settings tend to clutter the logs.

Anyway, since FreeBSD v5.x (been using it since a while before
5.0-RELEASE), in at least 3 of the machines I administer, rotation works
fine, and ipmon resumes logging afterwards. However the partition where
/var/log/ipflog resides gradually fills up, until 100% full.  Curiously,
killing ipmon process releases back the space taken.

Adding /var/run/ipmon.pid at the end of newsyslog.conf line above stops
the above symptom, but ipmon stopped logging after each rotation.

My last resort is to cook up own rotation, as some ppl have done here:-

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=br00p7%24b9o%241%40FreeBSD.csie.NCTU.edu.tw&rnum=5&prev=/groups%3Fq%3Dipmon%2Brotation%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26scoring%3Dd

But before that, any other ideas? Should I send-pr?

Thanks.

--mendonan
"Yang mimpikan secangkir kopi panas dengan selimut.."
 (Dreaming of a cup of hot coffee, and a blanket..")
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to