Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Daniel Ouellet

Jake Conk wrote:

I have to keep coming here each couple of days to check if that is
full and delete them. My question is, is this normal and I just
created my /var mount too small? I think the fact that my pflog is
that big is the actual problem, does anyone know of a way to fix this?


Well, maybe I read that wrong, but if you are going there only every 
few days to look if the file is filling your drive, then I guess you are 
not looking at the logs, so stop logging then and your problem will be 
gone. (;


Or just log what you really need.

And yes, your var was obviously too small if you fill it up every few 
days. So log elsewhere on a bigger partition.


Plenty of solutions, but the most obvious one based on your comment is to 
stop logging, as it doesn't look like you look at the content of it.




Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread NetOne - Doichin Dokov

Jake Conk wrote:

Hello,

I have my /var partitioned out to be 150mb which I thought was
enough but every 2-3 days it gets full because I end up with a pflog
file that is ridiculously large! Right now I have one that is 53.6mb
and I have gotten them larger like 100mb +!! Because of this my /var
partition fills up and other programs have problems writing logs and
stuff... Here is an example:

$ ls -lah /var/log/ | grep pflog
-rw---   1 root  wheel  98.0K Nov 30 18:02 pflog
-rw---   1 root  wheel  53.6M Nov 30 02:00 pflog.0
-rw---   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
-rw---   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
-rw---   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
-rw---   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
-rw---   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931

I have to keep coming here each couple of days to check if that is
full and delete them. My question is, is this normal and I just
created my /var mount too small? I think the fact that my pflog is
that big is the actual problem, does anyone know of a way to fix this?

Thanks,
- Jake
Perhaps you want to see what's inside it? Look at your pf.conf, see what 
you're logging and if you do need it to be logged. Remove anything 
unnecessary, set up newsyslogd to rotate it - there are plenty of options 
to solve your problem. It's all in the FAQ / man pages.




pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Jake Conk
Hello,

I have my /var partitioned out to be 150mb which I thought was
enough but every 2-3 days it gets full because I end up with a pflog
file that is ridiculously large! Right now I have one that is 53.6mb
and I have gotten them larger like 100mb +!! Because of this my /var
partition fills up and other programs have problems writing logs and
stuff... Here is an example:

$ ls -lah /var/log/ | grep pflog
-rw---   1 root  wheel  98.0K Nov 30 18:02 pflog
-rw---   1 root  wheel  53.6M Nov 30 02:00 pflog.0
-rw---   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
-rw---   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
-rw---   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
-rw---   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
-rw---   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931

I have to keep coming here each couple of days to check if that is
full and delete them. My question is, is this normal and I just
created my /var mount too small? I think the fact that my pflog is
that big is the actual problem, does anyone know of a way to fix this?

Thanks,
- Jake



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Brian A. Seklecki

On Fri, 30 Nov 2007, Jake Conk wrote:


Hello,

I have my /var partitioned out to be 150mb which I thought was a


You're probably getting a lot of log hits on a default block log all at 
the end of your rules.  You can prevent a lot of crud by doing block 
quicks w/o log statements for the following:


-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6

Good examples can be found.

~BAS
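Brian's advice as a concrete pf.conf excerpt (an added example, not from the thread; the interface macro, the addresses and the final pass rules are assumptions about the reader's ruleset):

```conf
# pf.conf excerpt: drop the noisy traffic Brian lists BEFORE the logged
# default deny. "quick" ends rule evaluation on a match, and these rules
# carry no "log", so the chatter never reaches pflog. $ext_if is an
# assumed macro; set it to your real external interface.
ext_if = "fxp0"

# Multicast (mDNS/Bonjour, SSDP, routing-protocol hellos) and limited broadcast
block in quick on $ext_if inet to 224.0.0.0/4
block in quick on $ext_if inet to 255.255.255.255

# Windows NetBIOS name/datagram/session services and CIFS browsing
block in quick on $ext_if proto { tcp, udp } to port { 137, 138, 139, 445 }

# IPv6, if this box does not route it
block quick inet6

# Everything not explicitly passed below is dropped AND logged.
# Keep this rule: its hits are the ones worth reading with tcpdump.
block log all

# Real policy follows; without "quick", the last matching rule wins.
pass in on $ext_if proto tcp to ($ext_if) port 22 keep state
pass out on $ext_if keep state
```

`pfctl -nf /etc/pf.conf` syntax-checks the file without loading it, and `pfctl -vsr` prints each rule with its packet counters, which shows how much traffic the unlogged rules are absorbing.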



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Jake Conk
On Nov 30, 2007 7:47 PM, NetOne - Doichin Dokov wrote:
 Jake Conk wrote:

  Hello,
 
  I have my /var partitioned out to be 150mb which I thought was
  enough but every 2-3 days it gets full because I end up with a pflog
  file that is ridiculously large! Right now I have one that is 53.6mb
  and I have gotten them larger like 100mb +!! Because of this my /var
  partition fills up and other programs have problems writing logs and
  stuff... Here is an example:
 
  $ ls -lah /var/log/ | grep pflog
  -rw---   1 root  wheel  98.0K Nov 30 18:02 pflog
  -rw---   1 root  wheel  53.6M Nov 30 02:00 pflog.0
  -rw---   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
  -rw---   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
  -rw---   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
  -rw---   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
  -rw---   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931
 
  I have to keep coming here each couple of days to check if that is
  full and delete them. My question is, is this normal and I just
  created my /var mount too small? I think the fact that my pflog is
  that big is the actual problem, does anyone know of a way to fix this?
 
  Thanks,
  - Jake
 Perhaps you want to see what's inside it? Look at your pf.conf, see what
 you're logging and if you do need it to be logged. Remove anything
 unnecessary, set up newsyslogd to rotate it - there are plenty of options
 to solve your problem. It's all in the FAQ / man pages.



Thanks guys for your replies... I'll try to cut down on all the
useless logging I'm doing but when I opened the log files up to see
what was inside them I only saw all this binary stuff. I assume that's
not what's supposed to be in the pflogs right? Any ideas why I'm
getting binary stuff in the logs?

Thanks,
- Jake



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Richard Toohey

On 1/12/2007, at 7:23 PM, Jake Conk wrote:


Thanks guys for your replies... I'll try to cut down on all the
useless logging I'm doing but when I opened the log files up to see
what was inside them I only saw all this binary stuff. I assume that's
not what's supposed to be in the pflogs right? Any ideas why I'm
getting binary stuff in the logs?

Thanks,
- Jake


http://www.openbsd.org/faq/pf/index.html
http://www.openbsd.org/faq/pf/logging.html
http://www.openbsd.org/faq/pf/logging.html#logfile

See tcpdump.



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Daniel Ouellet

Jake Conk wrote:

Thanks guys for your replies... I'll try to cut down on all the
useless logging I'm doing but when I opened the log files up to see
what was inside them I only saw all this binary stuff. I assume that's
not what's supposed to be in the pflogs right? Any ideas why I'm
getting binary stuff in the logs?


I guess this shows you just don't need to log things here as you never 
read them.


man(8) pflogd

Display binary logs:

   # tcpdump -n -e -ttt -r /var/log/pflog


And go read the FAQ on openbsd.org. It is a very big source of 
information. It's all there, so help yourself.


http://openbsd.org/faq/pf/logging.html

Hope this helps you some.

Best,

Daniel



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Ivan Hudiakov

Brian A. Seklecki wrote:

On Fri, 30 Nov 2007, Jake Conk wrote:


Hello,

I have my /var partitioned out to be 150mb which I thought was a


You're probably getting a lot of log hits on a default block log all 
at the end of your rules. You can prevent a lot of crud by doing 
block quicks w/o log statements for the following:


-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6

Good examples can be found.

~BAS



Hi, Jake,

You are absolutely correct - 150 mb is too small for a /var partition and 
only configuring PF logging will not be enough. But I am sure that 
it is a good idea to keep all the information of the pflog files. So, you 
have several ways to solve this problem:


1) Make a directory on some bigger partition and set up newsyslog by 
editing /etc/newsyslog.conf to store archived logs in that folder.


2) Move log folder to some bigger partition and create symbolic link to 
that place in /var partition.


PS: And never stop logging, truth is in the logs.

Regards,
Ivan Hudiakov
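Ivan's second option, carried out slightly differently as an added example (not from the thread): instead of a symlink, pflogd is pointed directly at a file on a larger partition with -f, and a newsyslog.conf entry rotates that file by size. The /home/pflog path, the 10 MB threshold and the snaplen are assumptions; adjust them to your disk.

```conf
# /etc/rc.conf.local: have pflogd write its capture on a larger partition
# instead of /var/log. /home/pflog is an assumed path; create it (mode 700,
# owned by root) before restarting pflogd. "-s 116" keeps only the first
# 116 bytes of each packet (pflog header plus IP/TCP headers, no payload),
# which also shrinks the log considerably.
pflogd_flags="-f /home/pflog/pflog -s 116"

# /etc/newsyslog.conf: rotate that file by size so no single generation can
# grow unbounded. Columns: file  mode  count  size(KB)  when  flags  command
#   size 10240  rotate once the file passes 10 MB (newsyslog runs hourly from cron)
#   count 7     keep seven rotated generations
#   when *      no time-based rotation, size only
#   Z           gzip the rotated copy
#   B           binary file: newsyslog writes no text banner into it
#   command     SIGHUP makes pflogd close and reopen its log file
/home/pflog/pflog   600  7  10240  *  ZB  "pkill -HUP -u root -U root -t - -x pflogd"
```

`newsyslog -nv` shows which files would be rotated without touching them, which is an easy way to confirm the new entry is parsed the way you expect.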