Re: pf working but no log

2006-11-07 Thread Juha Saarinen

On 11/7/06, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote:

> How do I create the pflog file then? Thank you!


As far as I know, you don't need to create it yourself. I certainly
didn't have to do that. If you look at man pflogd it says the daemon
logs to /var/log/pflog by default. That it doesn't on your system
makes me think you haven't got pf set up correctly on it. Do you have
a pflog0 interface? ifconfig pflog0

--
Juha
http://www.geekzone.co.nz/juha
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: pf working but no log

2006-11-07 Thread Zbigniew Szalbot

Dear Giorgos, Juha and others,

On Tue, 7 Nov 2006, Giorgos Keramidas wrote:


>> No, and now when I think about it the main problem is that it has
>> never been started (maybe). I tried to follow the manual and issued
>> /etc/rc.d/pflogd start but I have no such file in that directory.
>
> Hmmm, this is odd.  What version of FreeBSD are you running?


All I needed to do (instead of bothering you) was to look into the
/etc/rc.d/ directory. It contained a pflog file, so I issued:


sudo /etc/rc.d/pflog start

and it all started to work.

Thank you for your support and sorry for bothering!

--
Zbigniew Szalbot
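Added example, not part of the original thread: the checks the replies walk through (pflog_enable in rc.conf, the pflog0 interface, a running pflogd, and whether /var/log/pflog is a pcap file rather than an empty file left by touch) collected into one script. The function names are hypothetical, and the pcap magic bytes and link type 117 (DLT_PFLOG) come from the pcap file format, not from the thread.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of FreeBSD.

# Print the value of an rc.conf variable (last assignment wins).
rc_value() {  # $1 = variable name, $2 = rc.conf path
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Classify the log file. touch(1) leaves it empty; pflogd writes a pcap
# file whose link type is DLT_PFLOG (117).
pflog_state() {  # $1 = log file path
    [ -e "$1" ] || { echo missing; return; }
    [ -s "$1" ] || { echo empty; return; }
    case "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" in
        d4c3b2a1) off=20 ;;   # little-endian pcap, as file(1) shows in the thread
        a1b2c3d4) off=23 ;;   # big-endian pcap
        *) echo not-pcap; return ;;
    esac
    # Low byte of the 32-bit link-type field in the 24-byte pcap header.
    lt=$(od -An -tu1 -j"$off" -N1 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$lt" = 117 ]; then echo pflog-pcap; else echo other-pcap; fi
}

# Walk the chain in the order the thread checks it; stop at the first break.
pflog_triage() {  # $1 = rc.conf path (default /etc/rc.conf)
    conf=${1:-/etc/rc.conf}
    case "$(rc_value pflog_enable "$conf")" in
        [Yy][Ee][Ss]) ;;
        *) echo 'pflog_enable is not "YES" in rc.conf'; return 1 ;;
    esac
    ifconfig pflog0 >/dev/null 2>&1 || { echo "no pflog0 interface"; return 1; }
    pgrep pflogd >/dev/null || {
        echo "pflogd is not running; try: /etc/rc.d/pflog start"; return 1; }
    log=$(rc_value pflog_logfile "$conf")
    log=${log:-/var/log/pflog}
    echo "$log: $(pflog_state "$log")"
}
```

Source the file as root on the FreeBSD host and call pflog_triage; a result of "empty" or "not-pcap" means pflogd has not written to the log file.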


Re: pf working but no log

2006-11-07 Thread Giorgos Keramidas
On 2006-11-07 08:53, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote:
> On Tue, 7 Nov 2006, Giorgos Keramidas wrote:
>> No, that should be ok.  Can you see pflogd running when you run:
>>
>>    # pgrep pflogd | xargs ps -xau -p
>
> No, and now when I think about it the main problem is that it has
> never been started (maybe). I tried to follow the manual and issued
> /etc/rc.d/pflogd start but I have no such file in that directory.

Hmmm, this is odd.  What version of FreeBSD are you running?



Re: pf working but no log

2006-11-06 Thread Zbigniew Szalbot

Hello again,

On Tue, 7 Nov 2006, Giorgos Keramidas wrote:


> No, that should be ok.  Can you see pflogd running when you run:
>
>    # pgrep pflogd | xargs ps -xau -p


No, and now when I think about it the main problem is that it has never 
been started (maybe). I tried to follow the manual and issued 
/etc/rc.d/pflogd start but I have no such file in that directory. Then I 
tried /sbin/pflogd start but it did not seem to make any difference.


When I run whereis I get:

pflogd: /sbin/pflogd /usr/share/man/man8/pflogd.8.gz /usr/src/sbin/pflogd

Awfully sorry then but how do I start pflogd under FBSD? I read the man 
for pflogd but it does not say how to start/stop it.


Thanks!

--
Zbigniew Szalbot


Re: pf working but no log

2006-11-06 Thread Giorgos Keramidas
On 2006-11-07 07:57, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote:
> On Tue, 7 Nov 2006, Juha Saarinen wrote:
>> That file should be a pcap file:
>
> Maybe that's the problem then - that I created it using touch?

No, that should be ok.  Can you see pflogd running when you run:

# pgrep pflogd | xargs ps -xau -p

After you created that file, did you restart pflogd?



Re: pf working but no log

2006-11-06 Thread Zbigniew Szalbot

Hello,

On Tue, 7 Nov 2006, Juha Saarinen wrote:


> That file should be a pcap file:

Maybe that's the problem then - that I created it using touch?

> $ sudo file /var/log/pflog

I only get:

/var/log/pflog: empty

> What do you see if you do:
>
> $ sudo /etc/rc.d/pf status


No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 07:25:33   Debug: Urgent

Hostid: 0x605bc923

State Table                        Total             Rate
  current entries                      0
  searches                       1229576           46.0/s
  inserts                              0            0.0/s
  removals                             0            0.0/s
Counters
  match                          1229576           46.0/s
  bad-offset                           0            0.0/s
  fragment                             0            0.0/s
  short                                0            0.0/s
  normalize                            0            0.0/s
  memory                               0            0.0/s
  bad-timestamp                        0            0.0/s
  congestion                           0            0.0/s
  ip-option                            0            0.0/s
  proto-cksum                          0            0.0/s
  state-mismatch                       0            0.0/s
  state-insert                         0            0.0/s
  state-limit                          0            0.0/s
  src-limit                            0            0.0/s
  synproxy                             0            0.0/s


How do I create the pflog file then? Thank you!

--
Zbigniew Szalbot


Re: pf working but no log

2006-11-06 Thread Juha Saarinen

On 11/7/06, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote:

> -rw-r--r--  1 root  wheel  - 0 Nov  6 19:24 /var/log/pflog
>
> I created the file by using the touch command. Thanks!


That file should be a pcap file:

$ sudo file /var/log/pflog
/var/log/pflog: tcpdump capture file (little-endian) - version 2.4
(OpenBSD PFLOG, capture length 116)

What do you see if you do:

$ sudo /etc/rc.d/pf status



--
Juha
http://www.geekzone.co.nz/juha


Re: pf working but no log

2006-11-06 Thread Zbigniew Szalbot

Hello again,

On Tue, 7 Nov 2006, Giorgos Keramidas wrote:


> * Have you restarted it at all, after the configuration options
>   were set?

I believe I did by running /etc/rc.d/pf stop/start. Starting/stopping has
no effect on the pflog file in terms of changing its modification time.

> * Does the file '/var/log/pflog' exist?  If yes, who is its
>   owner and what are its permissions?  Is it empty?

-rw-r--r--  1 root  wheel  - 0 Nov  6 19:24 /var/log/pflog

I created the file by using the touch command. Thanks!

--
Zbigniew Szalbot


Re: pf working but no log

2006-11-06 Thread Giorgos Keramidas
On 2006-11-06 22:57, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote:
> On Mon, 6 Nov 2006, Giorgos Keramidas wrote:
>> I think there's a slight misunderstanding here.  PF is *not*
>> ipfilter, so unless you've done something special it doesn't log to
>> ipfilter.log.
>>
>> Can you show us the exact rc.conf settings you used for PF?
> 
> Actually I made a typo when writing the email. I just called the log
> pflog (which I forgot and thought I had called it
> ipfilter.log).

That's alright.

> Here's the snippet:
> 
> #pf-related conf
> pf_enable="YES" # Enable PF (load module if required)
> pf_rules="/etc/pf.conf" # rules definition file for PF
> pflog_enable="YES" # start pflogd(8)
> pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
> 
> Sorry for the confusion and thanks for being willing to help! I
> appreciate that very much!

Cool.  The pf should be logging.

  * Have you restarted it at all, after the configuration options
were set?

  * Does the file '/var/log/pflog' exist?  If yes, who is its
owner and what are its permissions?  Is it empty?

# /bin/ls -olbF /var/log/pflog



Re: pf working but no log

2006-11-06 Thread Zbigniew Szalbot

Hello,

On Mon, 6 Nov 2006, Giorgos Keramidas wrote:


> I think there's a slight misunderstanding here.  PF is *not* ipfilter,
> so unless you've done something special it doesn't log to ipfilter.log.
>
> Can you show us the exact rc.conf settings you used for PF?

Actually I made a typo when writing the email. I just called the log
pflog (which I forgot and thought I had called it ipfilter.log). Here's
the snippet:


#pf-related conf
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for PF
pflog_enable="YES" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile

Sorry for the confusion and thanks for being willing to help! I appreciate 
that very much!



--
Zbigniew Szalbot


Re: pf working but no log

2006-11-06 Thread Giorgos Keramidas
On 2006-11-06 19:40, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I configured the pf utility on FBSD 6.1 stable.
>
> I put in a very simple rule to test:
>
> block in log on $ext_if proto tcp from 218.83.108.230 to any port 25
>
> Now, my conf file specifies that logging should be done to
> /var/log/ipfilter.log

I think there's a slight misunderstanding here.  PF is *not* ipfilter,
so unless you've done something special it doesn't log to ipfilter.log.

Can you show us the exact rc.conf settings you used for PF?
