Hi folks,
On 11/28/20 5:13 PM, Stuart Henderson wrote:
> It is easy enough to add the filename, but adding that to the log
> might suggest to users that things are setup to handle multiple pflogd
> processes and that is not the case.
>
> Various parts of the system would need changing in order to handle this.
> Currently there is no way to distinguish between multiple "priv" processes
> as the process title doesn't show the command-line flags. In order to
> support multiple pflogd processes this would need adding, then the rc.d
> scripts and default newsyslog.conf entry would need updating to use them.
I have to admit that this was my fault. There were 2 pflogd processes writing
to /var/log/pflog, AFAICS. The other 2 were not even started.
To support 4 pflog interfaces I had to create 4 symlinks in /sbin
ln -s pflogd /sbin/pflogd0
ln -s pflogd /sbin/pflogd1
ln -s pflogd /sbin/pflogd2
ln -s pflogd /sbin/pflogd3
and to create 4 rc scripts in /etc/rc.d, e.g. /etc/rc.d/pflogd2:

#!/bin/ksh
daemon="/sbin/pflogd2"

. /etc/rc.d/rc.subr

# process title of the privileged parent, as matched by rcctl check
pexp="pflogd2: \[priv\]"

rc_pre() {
    # only start when pf is enabled, and make sure the interface exists and is up
    if pfctl -si | grep -q Enabled; then
        ifconfig pflog2 create
        if ifconfig pflog2; then
            ifconfig pflog2 up
        else
            return 1
        fi
    else
        return 1
    fi
}

rc_cmd $1
Each pflogd had to be configured accordingly using rcctl, e.g.
rcctl enable pflogd2
rcctl set pflogd2 flags "-i pflog2 -f /var/log/pflog2"
rcctl start pflogd2
(Be careful: if you disable and re-enable the service, you have to
set the flags again.)
Finally I had to add the new log files to newsyslog.conf:
/var/log/pflog0 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd0"
/var/log/pflog1 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd1"
/var/log/pflog2 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd2"
/var/log/pflog3 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd3"
Hope this is helpful to anybody.
Regards
Harri
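The steps in Harri's message, folded into one generator script as an added example (this is not code from the original post or from OpenBSD). The script name pflog-multi.sh, the PREFIX variable, and the output file /etc/newsyslog.conf.pflog are assumptions of this example; with PREFIX pointing at a scratch directory it can be run on any host to review the generated rc scripts and newsyslog lines, and the symlink and rcctl commands are printed rather than executed so they can be checked before changing a live system.

```shell
#!/bin/sh
# Added example (not from the original post): generate the per-instance
# pieces for pflog0..pflog(N-1) in one place so the rc script, the rcctl
# flags and the newsyslog entry for each instance stay consistent.
# PREFIX is an assumption of this example: when set to a scratch directory
# everything is written under it and the host is not touched; when empty
# (the default) the rc scripts land in /etc/rc.d and the newsyslog lines in
# /etc/newsyslog.conf.pflog, to be appended to newsyslog.conf by hand.
set -eu

: "${PREFIX:=}"

# /etc/rc.d/pflogdN: the stock pflogd script with the daemon name, the pexp
# that rcctl(8) uses to find the [priv] process, and the pflog interface
# all keyed on the instance number.
write_rc_script() {
    n=$1
    dir="$PREFIX/etc/rc.d"
    mkdir -p "$dir"
    cat > "$dir/pflogd$n" <<EOF
#!/bin/ksh
daemon="/sbin/pflogd$n"

. /etc/rc.d/rc.subr

pexp="pflogd$n: \[priv\]"

rc_pre() {
    if pfctl -si | grep -q Enabled; then
        ifconfig pflog$n create
        if ifconfig pflog$n; then
            ifconfig pflog$n up
        else
            return 1
        fi
    else
        return 1
    fi
}

rc_cmd \$1
EOF
    chmod 555 "$dir/pflogd$n"
}

# newsyslog.conf line for one instance: mode 600, keep 7 rotations, rotate
# at 64 MB or every 24 hours, compress (Z), binary log (B), and HUP only
# the process whose name is exactly pflogdN so the other instances are
# left alone.
newsyslog_line() {
    n=$1
    printf '/var/log/pflog%s\t600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd%s"\n' \
        "$n" "$n"
}

# The commands that change the running system for one instance. The
# symlink is what makes the priv process title read "pflogdN: [priv]",
# which is exactly what the pexp in the rc script matches.
instance_cmds() {
    n=$1
    cat <<EOF
ln -s pflogd /sbin/pflogd$n
rcctl enable pflogd$n
rcctl set pflogd$n flags "-i pflog$n -f /var/log/pflog$n"
rcctl start pflogd$n
EOF
}

# Generate everything for COUNT instances numbered from 0 and print the
# commands still to be run on the host.
setup_instances() {
    count=$1
    out="$PREFIX/etc/newsyslog.conf.pflog"
    mkdir -p "$PREFIX/etc"
    : > "$out"
    i=0
    while [ "$i" -lt "$count" ]; do
        write_rc_script "$i"
        newsyslog_line "$i" >> "$out"
        instance_cmds "$i"
        i=$((i + 1))
    done
}

# Usage: PREFIX=/tmp/pflog-demo sh pflog-multi.sh 4
if [ $# -gt 0 ]; then
    setup_instances "$1"
fi
```

Keeping the rcctl flags, the interface name and the newsyslog target derived from the same instance number is the point: the failure in the thread (two daemons on one file, two never started) came from the four pieces drifting apart, and the pexp in each rc script only works if the /sbin symlink carries the same suffix.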