Kabayan <[email protected]> writes: > Problem solve after I restart pflogd > New problem is Why the pflogd process almost use 100% capacity of my /var ?
My guess would be that your pf.conf logs traffic with log (all) on at least one rule that matches a lot of traffic, and possibly your newsyslog.conf does not implement a very aggressive log rotation schedule. Logging all packets is not all that useful unless you're deep in debugging something. If you want to do traffic accounting, it's easier to either use labels and extract the values at intervals, or set up with pflow (set state-defaults pflow) and collect the netflow data somewhere with enough disk space to slice and dice the data separately. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
