Re: Question about redirecting to a multiple log files from pflogd
On Sun, Aug 19, 2012 at 12:25 PM, Stuart Henderson wrote:
> On 2012-08-14, C. L. Martinez wrote:
>> Hi all,
>>
>> I have some rules that I would like to redirect in syslog format to a
>> log file. I don't need to touch /var/log/pflog. To accomplish this I
>> have tried to start pflogd daemon with the following options:
>>
>> "-s 256 -i pflog0 -f /var/log/pflog -i pflog1 -f /tmp/test.log"
>
> I don't believe a single pflogd process can run on multiple interfaces,
> I think you would need to run a second process for pflog1.
>
>> ... but it doesn't work. After, I have tried to start another pflogd
>> instance with "-s 256 -i pflog1 -f /tmp/test.log":
>>
>> 25317 ?? S 0:49.58 pflogd: [running] -s 256 -i pflog1 -f
>> /tmp/test.log (pflogd)
>> 13851 ?? Ss 0:00.23 ntpd: ntp engine (ntpd)
>> 16445 ?? Is 0:00.03 ntpd: dns engine (ntpd)
>> 11227 ?? Ss 0:00.02 ntpd: [priv] (ntpd)
>> 21752 ?? Is 0:00.05 /usr/sbin/sshd
>> 14014 ?? Ss 0:00.30 sendmail: accepting connections (sendmail)
>> 14724 ?? Is 0:00.01 /usr/sbin/ftp-proxy
>> 14277 ?? Ss 0:00.04 /usr/sbin/cron
>> 11070 ?? Ss 0:35.46 sshd: root@ttyp0 (sshd)
>> 18112 ?? Is 0:00.01 pflogd: [priv] (pflogd)
>> 14997 ?? S 0:01.08 pflogd: [running] -s 256 -i pflog0 -f
>> /var/log/pflog (pflogd)
>>
>> .. but it doesn't work. /var/log/pflog doesn't register activity
>> (pflog0 and pflog1 interfaces are up)
>
> Do you have PF rules causing writes to go to the relevant pflog interface?

Yes, I have two rules that redirect logs to pflog1 using (log all, to pflog1) ...

>
> Do you see anything with tcpdump -neipflog0 / tcpdump -neipflog1?

Yes, I see logs in this interface (pflog1) and on pflog0. At interface
level everything is correct; the problem is with the /var/log/pflog log
file. It doesn't register anything ...
Re: relayd log file
From: Stuart Henderson
To: misc@openbsd.org
Sent: Sunday, August 19, 2012 3:27 PM
Subject: Re: relayd log file

On 2012-08-14, Remco wrote:
> 2) this may be more to your liking, add the following to /etc/syslog.conf:
>
> !!relayd
> *.* /var/log/relayd
> !*

Yes, and put this *before* your other rules unless you also want
these entries written to /var/log/daemon.

Thank you, I saw that problem but didn't see this elegant solution.
Re: The ultimate OpenBSD email server
On 19 August 2012 at 14:15, Stuart Henderson wrote:
> On 2012-08-16, Joel Carnat wrote:
>> - roundcube and suhosin don't play well together ;
>
> there is no general problem with roundcube and suhosin playing
> together, you just have to follow the documentation about disabling
> session encryption (clearly documented in the installation guide,
> and checked for by the installer).
>

yep, that's what I meant: you have to disable encryption to have them
work together...
Re: Question about redirecting to a multiple log files from pflogd
On 2012-08-14, C. L. Martinez wrote:
> Hi all,
>
> I have some rules that I would like to redirect in syslog format to a
> log file. I don't need to touch /var/log/pflog. To accomplish this I
> have tried to start pflogd daemon with the following options:
>
> "-s 256 -i pflog0 -f /var/log/pflog -i pflog1 -f /tmp/test.log"

I don't believe a single pflogd process can run on multiple interfaces,
I think you would need to run a second process for pflog1.

> ... but it doesn't work. After, I have tried to start another pflogd
> instance with "-s 256 -i pflog1 -f /tmp/test.log":
>
> 25317 ?? S 0:49.58 pflogd: [running] -s 256 -i pflog1 -f
> /tmp/test.log (pflogd)
> 13851 ?? Ss 0:00.23 ntpd: ntp engine (ntpd)
> 16445 ?? Is 0:00.03 ntpd: dns engine (ntpd)
> 11227 ?? Ss 0:00.02 ntpd: [priv] (ntpd)
> 21752 ?? Is 0:00.05 /usr/sbin/sshd
> 14014 ?? Ss 0:00.30 sendmail: accepting connections (sendmail)
> 14724 ?? Is 0:00.01 /usr/sbin/ftp-proxy
> 14277 ?? Ss 0:00.04 /usr/sbin/cron
> 11070 ?? Ss 0:35.46 sshd: root@ttyp0 (sshd)
> 18112 ?? Is 0:00.01 pflogd: [priv] (pflogd)
> 14997 ?? S 0:01.08 pflogd: [running] -s 256 -i pflog0 -f
> /var/log/pflog (pflogd)
>
> .. but it doesn't work. /var/log/pflog doesn't register activity
> (pflog0 and pflog1 interfaces are up)

Do you have PF rules causing writes to go to the relevant pflog interface?

Do you see anything with tcpdump -neipflog0 / tcpdump -neipflog1?
Re: pf 'synproxy state' doesn't work with pppoe
On Thu, Aug 16, 2012 at 20:43:18 +0100, Kevin Chadwick wrote:
> > > > pass all flags S/SA
> > > > pass in on pppoe0 inet proto tcp from to port = flags
> > > > S/SA synproxy state
> > > >
>
> Originally you posted pass in quick. Keep the quick in there, not for
> any reason other than I have a quick in my rules. Same with the NIC, I
> don't have any logical hopes for you.

Switched the vge(4) with the em(4) NIC, but the situation is the same;
PF's synproxy state won't work on a pppoe0 device.

Kevin, may I ask you to describe to me the network setup in which you've
made synproxy with pppoe work? I'm curious about the NICs and how they
connect to the ISP and/or LAN/NAT etc.

Thanks,
Daniel

--
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
Re: WARNING: mclpools limit reached; increase kern.maxclusters and paquet lost
On 2012-08-14, Michel Blais wrote:
> I maybe found something, congestion seems high when I check with pfctl -si.
>
> I don't think it's hardware related since CPU is under 50% use.
>
> I saw this thread where Henning suggests to raise net.inet.ip.ifq.maxlen
> so I raised it to 512 instead of 256.
> http://old.nabble.com/PF-congestion-question-td7088168.html
>
> It's an old thread so I wanted to know if it's still a good idea to raise
> this sysctl value.

If you are seeing increases in net.inet.ip.ifq.drops, then yes it usually
is a good idea to increase the queue length.
Re: relayd log file
On 2012-08-14, Remco wrote:
> 2) this may be more to your liking, add the following to /etc/syslog.conf:
>
> !!relayd
> *.* /var/log/relayd
> !*

Yes, and put this *before* your other rules unless you also want
these entries written to /var/log/daemon.
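A check for the ordering advice in the reply above, as an added example that is not part of the original thread: the shell function reads a syslog.conf on stdin and reports whether the "!!prog" block comes before every other rule. The function name check_prog_block and both sample configurations are constructed for illustration; the check is deliberately conservative and treats any earlier rule as a possible duplicate destination.

```shell
#!/bin/sh
# check_prog_block PROG < syslog.conf
#   ok      - the "!!PROG" block starts before any other rule
#   late    - at least one rule is evaluated before the block, so PROG's
#             messages may also be written by that rule
#   missing - no "!!PROG" block in the file
check_prog_block() {
    awk -v prog="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments, blank lines
        $1 == ("!!" prog)        { found = 1; exit } # start of the block
        /^[!+]/                  { next }           # other program/host tags
        { earlier++ }                               # rule ahead of the block
        END {
            if (!found)       print "missing"
            else if (earlier) print "late"
            else              print "ok"
        }'
}

# Constructed sample: block placed first, as recommended in the thread.
SAMPLE_FIRST='# relayd block ahead of the general rules
!!relayd
*.* /var/log/relayd
!*
daemon.info /var/log/daemon'

# Constructed sample: same lines, block placed after the daemon rule.
SAMPLE_LATE='daemon.info /var/log/daemon
!!relayd
*.* /var/log/relayd
!*'

printf 'block first: %s\n' "$(printf '%s\n' "$SAMPLE_FIRST" | check_prog_block relayd)"
printf 'block last:  %s\n' "$(printf '%s\n' "$SAMPLE_LATE" | check_prog_block relayd)"
```

On a live system the input would be /etc/syslog.conf, for example check_prog_block relayd < /etc/syslog.conf.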
Re: The ultimate OpenBSD email server
On 2012-08-16, Joel Carnat wrote:
> - roundcube and suhosin don't play well together ;

there is no general problem with roundcube and suhosin playing
together, you just have to follow the documentation about disabling
session encryption (clearly documented in the installation guide,
and checked for by the installer).
Re: dc(1): keep reading stdin after file
On Mon, Aug 06, 2012 at 11:48:42AM +0200, Stefan Unterweger wrote: > Hello! > > I noted that the manpage of dc(1) reports a detail which is inconsistent > with the actual behaviour. Right at the beginning, it states the > following: 'If an argument is given, input is taken from that file until > its end, then from the standard input.' > > In fact though, when started with an argument, the file is read and dc > then exits. The attached patch fixes this. > > > Cheers, > s//un > doc fix committed, as requested by otto. jmc > > > --- dc.c.orig Mon Aug 6 11:41:34 2012 > +++ dc.c Mon Aug 6 11:41:36 2012 > @@ -99,11 +99,6 @@ > reset_bmachine(&src); > eval(); > (void)fclose(file); > - /* > - * BSD and Solaris dc(1) continue with stdin after processing > - * the file given as the argument. We follow GNU dc(1). > - */ > - return (0); > } > src_setstream(&src, stdin); > reset_bmachine(&src);
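Review bot: removing "return (0);" after "(void)fclose(file);" reverses a choice that the deleted comment records as deliberate ("We follow GNU dc(1)"), and the hunk leaves nothing in the code to say so. With the return gone, control falls through to "src_setstream(&src, stdin);", so any caller that runs dc with a file argument and expects it to exit at end of file will instead wait on standard input. If the behaviour change is intended, replace the comment with one stating that dc now continues with stdin as BSD and Solaris dc(1) do, rather than deleting it; otherwise keep this code and correct the manual page sentence instead.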
Re: CARP and transit network to ISP
On 2012-08-17, Tobias Crefeld wrote:
> Can anyone give me a hint how to setup a pair of "CARPed" firewall
> machines to access an ISP via a direct ethernet link (fiber). He
> assigned us a customer network ( /29) and a transit network ( /30) to
> connect our (customer) network with his backbone without extra router
> machine.

Sounds like you already know how to do this:-

> All (active) addresses of the customer network should become
> aliases of the CARP-interface (firewall is using NAT and proxies).

So put all active addresses as aliases of the CARP interface.
Re: OpenBSD changes virtual nic driver in vmware workstation?
On 2012-08-13, C. L. Martinez wrote:
> After doing several tests, like installing FreeBSD to see if same
> problem occurs, I conclude that the problem may be with OpenBSD itself
> making the change, is it right??

I haven't tried VMware workstation, but if the guest OS is able to make
configuration changes to the VM host platform, that would be a problem
with the VM platform rather than the guest OS.

> Curiously, I have five OpenBSD vms under two ESXi servers, and this
> problem doesn't appear: I can use e1000 configuring OpenBSD vms as
> FreeBSD guest or Other ...

Yes this works fine here too, no trouble with em(4) and vic(4) under
ESXi. The most difficult thing is remembering how to setup the VM to get
it to use the good driver rather than just emulating em(4).
Re: OpenBGPd - how to blackhole traffic?
On 2012-08-16, Claudio Jeker wrote:
> On Thu, Aug 16, 2012 at 02:47:25PM +0200, Bernd wrote:
>> Hi list,
>>
>> I'd like to blackhole some traffic. For instance, my AS is
>> 12.34.56.0/20, so 12.34.58.0 might be announced, but is not
>> necessarily connected (internal routing via OSPFd).
>>
>> On Cisco one uses:
>>
>> ip route 0.0.0.0 0.0.0.0 Null0
>>
>> This would throw any traffic headed to a network within my AS, which
>> is *not* connected (via OSPF), onto the floor.
>>
>> Is there a way to achieve this on OpenBSD?
>>
>
> route add default 127.0.0.1 -blackhole
>
> or for IPv6 (not tested)
>
> route add -inet6 default ::1 -blackhole
>

or s/blackhole/reject if you would like network unreachables rather
than just drops.
Re: About `ldapctl stats` metrics
On 15 Aug 2012 at 01:20, Joel Carnat wrote:
> Hi,
>
> I've setup some RRDtool magic to graph ldapd(8) metrics (OpenBSD 5.1/i386).
>
> Using `ldapctl stats`, I was expecting:
> "requests" = "search requests" + "bind requests" + "modify requests"
>
> But after a few ldapsearch/ldapadd/ldapdelete testings, it seems "requests"
> grows faster than the sum of "* requests".
>
> A simple ldapsearch increments "search" and "bind" by 1 but increments
> "requests" by 3. An ldapadd increments "bind" and "modify" by 1 but increments
> "requests" by 3. The ldapdelete (to suppress the previous entry) increments
> "bind", "search" and "modify" by 1 but "requests" is incremented by 4.
>
> What does "requests" count that doesn't appear in other metrics?

It could be a StartTLS request and/or an Unbind request. Those are
included in "requests", but are not considered interesting enough to get
their own counter.

.martin