dave,
there is a very easy, trivial, and sturdy way to do what you need to do.
first refer to http://www.cronolog.org/
and then in one of your rc scripts place the following:
    # start the ipmon process for ipf blocked packet logging
    if [ -x /opt/ipf/bin/ipmon -a -x /usr/local/sbin/cronolog ]
    then
        /opt/ipf/bin/ipmon | /usr/local/sbin/cronolog \
            --symlink /var/log/ipmon.current.log \
            /var/log/ipf/ipmon.%Y.%W.log &
    fi

now go see http://www.cronolog.org/faq.html for answers to the questions that are swimming around in your mind right now, esp. regarding the format specifiers.
to compress the old logs, use cron and find, e.g. crontab:

    15 4 * * * find /var/log/ipf -mtime +14 -exec gzip {} \;

please note i wrote this off the top of my head; you will want to modify it as needed so that you don't accidentally end up with a completely gzip'd file system...
regards, jim
dave wrote:
Hello,

Trying to figure this one out. I've got ipfilter running on fbsd 5.1. In my rc.conf file I have:

    ipmon_flags="-Davn /var/log/firewall.log"

Then I followed the ipmon example for log rotation given in the rc.conf man page and added the following one line to /etc/newsyslog.conf:

    /var/log/firewall.log 600 3 100 * Z /var/run/ipmon.pid

I'm having two problems. Firstly, the log is in fact being written, but when newsyslog rotates the log file ipmon continues to write to firewall.log.0, which I am assuming is the previous log file, and the new log file, firewall.log, has only that newsyslog rotated it. The second problem, and this might be related to the first, is that newsyslog is not compressing these logs.

Thanks.
Dave.
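
Added example, not part of either message above: one way to scope the cron/find compression step from jim's reply so it only touches rotated ipmon logs and never the file ipmon is still writing. The function name compress_old_logs and its arguments are hypothetical; the ipmon.*.log pattern and the symlink come from the cronolog command in the reply.

```sh
#!/bin/sh
# Added example: compress rotated ipmon logs and nothing else.
# compress_old_logs is a hypothetical helper name, not from the thread.

compress_old_logs() {
    log_dir=$1      # directory cronolog writes into, e.g. /var/log/ipf
    current=$2      # symlink cronolog keeps pointed at the active log
    days=${3:-14}   # age threshold in days (same default as the crontab line)

    # Refuse an empty path, "/", or a relative path, so a bad argument
    # cannot turn this into a gzip run over the whole file system.
    case $log_dir in
        /|"") echo "refusing log_dir '$log_dir'" >&2; return 1 ;;
        /*) ;;
        *) echo "log_dir must be absolute" >&2; return 1 ;;
    esac
    [ -d "$log_dir" ] && [ ! -L "$log_dir" ] || return 1

    # Find the active log's name so it is never compressed under the writer.
    active=""
    if [ -L "$current" ]; then
        active=$(basename "$(readlink "$current")")
    fi

    # -maxdepth 1 and -type f keep find out of subdirectories and off
    # symlinks; the name pattern limits it to logs not yet gzipped.
    find "$log_dir" -maxdepth 1 -type f -name 'ipmon.*.log' \
        ! -name "${active:-.none}" -mtime +"$days" -exec gzip -- {} +
}
```

From cron this would be sourced from a small wrapper script and called as compress_old_logs /var/log/ipf /var/log/ipmon.current.log 14.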
