IPF Syslog woes

Fri, 21 Oct 2005 13:13:42 -0700 

Hello all,
I imagine there is a simple answer to this problem and I cannot see it. I have a FreeBSD 5.4-RELEASE-p8 install on a gateway (PIII 850Mhz, 256 mb ram, 4.3GB IDE drive, 2 Intel Pro 1000 MT NICs) running IPF. 

I have syslog.conf set to:

*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;security.none 
    /var/log/messages

#security.*                                     /var/log/security
security.*                                      /var/log/ipfilter.log



#more /etc/newsyslog.conf:
/var/log/ipfilter.log    600  14    100  *     J     /var/run/ipmon.pid


#ls -al /var/log:
-rw-------   1 root  wheel     73 Oct 21 14:54 ipfilter.log


#more /var/log/ipfilter.log
Oct 21 13:00:00 war newsyslog[611]: logfile turned over due to size>100K



This has occured since I moved from an old FreeBSD 4.6 machine to this 
one. They both use the same ipf.rules, ipnat.rules and similar (but not 
identical) sysctl.conf. I did move to a 2U rackmount server w/  a 3 card 
PCI riser that the NICs are in. I have run IPF and FreeBSD for a number 
of years now and I have never seen my syslog just stop logging. It 
happens when the log file rolls over. I cannot tell if this is a FreeBSD 
or IPF issue. Syslog continues to work for other things (ie messages, 
auth.log, etc) but this logging facility just dies. Can the logging 
facility become overloaded?


# ipfstat
 IPv6 packets:          in 0 out 8

 input packets:         blocked 4653 passed 1067649 nomatch 14794 
counted 0 short 0
output packets:         blocked 6 passed 1066821 nomatch 14636 counted 0 
short 0

 input packets logged:  blocked 4515 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 1647 output 0
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 26319      lost 0
packet state(out):      kept 79 lost 6
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  63793   (out):  63755
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
        none


# ipfstat -s
IP states added:
        25907 TCP
        426 UDP
        4 ICMP
        3560970 hits
        354008 misses
        0 maximum
        0 no memory
        463 bkts in use
        89 logged
        52505 log failures
        480 active
        430 expired
        25827 closed


Any help is appreciated.

Peter Clark























					Reply via email to