Brian A. Seklecki ?????:
On Fri, 30 Nov 2007, Jake Conk wrote:
Hello,
I have my /var partitioned out to be 150mb which I thought was a
You're probably getting a lot of log hits on a "default block log all"
at the end of your rules. You can prevent a lot of crud by doing
"block quicks" w/o log statements for the following:
-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6
Good examples can be found.
~BAS
Hi, Jake,
You are absolutly correct - 150 mb is too small for /var partition and
only configuring of PF logging will not be enought. But I am sure that
it is good idea to keep all the the information of pflog files. So, you
have several ways to solve this problem:
1) Make a directory on some bigger partition and setup newsyslog by
editing /etc/newsyslog.conf to store archieved logs in that folder.
2) Move log folder to some bigger partition and create symbolic link to
that place in /var partition.
PS: And never stop logging, truth is in the logs.
Regards,
Ivan Hudiakov