Hi Dave I solved a similar problem with a script from cron:
---- snip ---- #!/bin/sh # LOG="ipflog-"`/bin/hostname`"-"`/bin/date +%Y%m%d%H%M%S` ZIP="$LOG.gz" STORE="/var/log/ipf/`/bin/date +%Y`/`/bin/date +%m`/`/bin/date +%d`" cd /var/log if [ -e /var/log/ipflog -a ! -e /var/run/ipmon.pid.lock ];then /usr/bin/touch /var/run/ipmon.pid.lock /bin/mkdir -p $STORE /bin/mv ipflog $STORE/$LOG kill `/bin/cat /var/run/ipmon.pid` /usr/sbin/ipmon -Dav /var/log/ipflog /usr/bin/nice -n 20 /usr/bin/gzip $STORE/$LOG /bin/rm -f /var/run/ipmon.pid.lock else /bin/echo "ipflog is missing or .lock file exists." fi ---- snip ---- The script runs on OpenBSD. Change the paths for FreeBSD. It's used on production firewalls :-) Other settings of interest: rc.conf ipmon_flags=-"Dav /var/log/ipflog" crontab */15 * * * * /path/to/script/rotate.sh If logfiles gets large quick, use */5 instead -- Kind regards Flemming Laugaard ------------------------------------ f u cn rd ths, itn tyg h myxbl cd. > Trying to figure this one out, I've got ipfilter running on fbsd 5.1. In > my rc.conf file i have: > ipmon_flags="-Davn /var/log/firewall.log" > then i followed the ipmon example for log rotation given in the rc.conf man > page and added the following one line to /etc/newsyslog.conf: > /var/log/firewall.log 600 3 100 * Z /var/run/ipmon.pid > I'm having two problems, firstly, the log is in fact being written but when > newsyslog rotates the log file ipmon continues to write to firewall.log.0 > which i am assuming is the previous log file and the new log fille, > firewall.log has only that newsyslog rotated it. The second problem and this > might be related to the first is that newsyslog is not compressing these > logs.
