Hi folks,
On 11/28/20 5:13 PM, Stuart Henderson wrote:
>
> It is easy enough to add the filename, but adding that to the log
> might suggest to users that things are setup to handle multiple pflogd
> processes and that is not the case.
>
> Various parts of the system would need changing in order to handle this.
> Currently there is no way to distinguish between multiple "priv" processes
> as the process title doesn't show the command-line flags. In order to
> support multiple pflogd processes this would need adding, then the rc.d
> scripts and default newsyslog.conf entry would need updating to use them.
>
I have to admit that this was my fault. There were 2 pflogd processes writing to
/var/log/pflog, AFAICS. The other 2 were not even started.
To support 4 pflog interfaces I had to create 4 symlinks in /sbin:
ln -s pflogd /sbin/pflogd0
ln -s pflogd /sbin/pflogd1
ln -s pflogd /sbin/pflogd2
ln -s pflogd /sbin/pflogd3
and to create 4 rc scripts in /etc/rc.d, e.g. /etc/rc.d/pflogd2:
#!/bin/ksh

daemon="/sbin/pflogd2"

. /etc/rc.d/rc.subr

# the process title carries the symlink name, so pexp can tell this
# instance's priv process apart from the other pflogd instances
pexp="pflogd2: \[priv\]"

rc_pre() {
	if pfctl -si | grep -q Enabled; then
		ifconfig pflog2 create
		if ifconfig pflog2; then
			ifconfig pflog2 up
		else
			return 1
		fi
	else
		return 1
	fi
}

rc_cmd $1
Each pflogd had to be configured accordingly using rcctl, e.g.
rcctl enable pflogd2
rcctl set pflogd2 flags "-i pflog2 -f /var/log/pflog2"
rcctl start pflogd2
(Be careful, if you disable and enable the service, then you have to
set the flags again.)
Finally I had to add the new log files to newsyslog.conf:
/var/log/pflog0 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd0"
/var/log/pflog1 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd1"
/var/log/pflog2 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd2"
/var/log/pflog3 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd3"
Hope this is helpful to anybody.
Regards
Harri
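The per-instance setup above (rc.d script, rcctl flags, newsyslog entry) can be generated for any number of pflog interfaces. The following POSIX sh functions are an added example, not part of Harri's post; the function names are hypothetical, ROOT is an assumed staging prefix (use / on a real system), and the /sbin/pflogdN symlinks are still created by hand as shown in the post.

```shell
# Write the rc.d script for instance N into $ROOT/etc/rc.d/pflogdN.
# pexp uses the symlink name so rcctl matches only this instance's priv process.
gen_rc_script() {
    n=$1; root=$2
    mkdir -p "$root/etc/rc.d"
    out="$root/etc/rc.d/pflogd$n"
    cat > "$out" <<EOF
#!/bin/ksh
daemon="/sbin/pflogd$n"
. /etc/rc.d/rc.subr
pexp="pflogd$n: \\[priv\\]"
rc_pre() {
    if pfctl -si | grep -q Enabled; then
        ifconfig pflog$n create
        if ifconfig pflog$n; then
            ifconfig pflog$n up
        else
            return 1
        fi
    else
        return 1
    fi
}
rc_cmd \$1
EOF
    chmod 555 "$out"
}

# Print the newsyslog.conf line for instance N; pkill -x matches the
# symlink name, so rotating pflogN only HUPs pflogdN, not the others.
gen_newsyslog_line() {
    printf '/var/log/pflog%s 600 7 65536 24 ZB "pkill -HUP -u root -U root -t - -x pflogd%s"\n' "$1" "$1"
}

# Print the rcctl commands that bind instance N to pflogN and /var/log/pflogN.
gen_rcctl_cmds() {
    printf 'rcctl enable pflogd%s\nrcctl set pflogd%s flags "-i pflog%s -f /var/log/pflog%s"\nrcctl start pflogd%s\n' "$1" "$1" "$1" "$1" "$1"
}

# Generate rc.d scripts and newsyslog lines for instances 0..COUNT-1 under ROOT.
gen_all() {
    count=$1; root=$2
    mkdir -p "$root/etc"
    i=0
    while [ "$i" -lt "$count" ]; do
        gen_rc_script "$i" "$root"
        gen_newsyslog_line "$i" >> "$root/etc/newsyslog.conf"
        i=$((i + 1))
    done
}
```

Run gen_all 4 /tmp/stage to review the generated files before copying them into /etc, and gen_rcctl_cmds 2 to print the rcctl commands for one instance.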