Xu, Chun Gang (Titan) wrote:
> Hi,
> I just have one quick question on the “log failures” below.
> I only added the log option in all “block” rules.
> It seems that all blocked packets are logged, but why are there some
> log failures? And how could it happen?

If the system logs packets faster than ipmon can read them and the
log buffer fills up, logging of packets can fail.
The default kernel buffer is a maximum of 8k of log data.
You can change this by either changing DEFAULT_IPFLOGSIZE in
ip_fil.h or by using any one of the various means to set ipl_logsize.
Darren