kern/178482: [ipfw] logging problem from vnet jail
Ian Smith
smithi at nimnet.asn.au
Wed May 22 13:50:02 UTC 2013
The following reply was made to PR kern/178482; it has been noted by GNATS.
From: Ian Smith <smithi at nimnet.asn.au>
To: bug-followup at FreeBSD.org, fbsd8 at a1poweruser.com
Cc:
Subject: Re: kern/178482: [ipfw] logging problem from vnet jail
Date: Wed, 22 May 2013 23:44:40 +1000

> 9.1-RELEASE kernel with modules and vimage plus ipfw compiled in.
> vnet jails running ipfw are logging to the host security file and
> don't log any ipfw log messages to the host's message file. Secondly
> the vnet jails' security and messages files never get populated with
> ipfw log messages.

Logging to the host's syslog rather than the jail's appears to be the
main/real issue here, confirmed and demonstrated by Anders Hagman, see
http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-May/005398.html

> logger command works. logged msg in both security and messages on
> host
> vnet jail can ping the public internet.
> Host's security file has log messages from both jail and host.
> ipfw log messages are not being put into the host's messages file.

Apart from certain admin messages such as ipfw initialisation, 'limit N
reached on rule X' and 'Entry X logging count reset.', ipfw log messages
are never written to /var/log/messages but only to /var/log/security.
Since you set verbose_limit=0, you shouldn't expect to see anything from
ipfw in /var/log/messages, on either host or jail.

> # /root >/var/log/security
> empty file
>
> # /root >cat /var/log/messages
> empty file

Strange that there were not even normal bootup messages on the host?
The rest serves to demonstrate the vnet jail logging-to-host issue.

Ian