Re: ipmon log rotation

Hi Dave

I solved a similar problem with a script from cron:



---- snip ----

#!/bin/sh
#
LOG="ipflog-"`/bin/hostname`"-"`/bin/date +%Y%m%d%H%M%S`
ZIP="$LOG.gz"
STORE="/var/log/ipf/`/bin/date +%Y`/`/bin/date +%m`/`/bin/date +%d`"

cd /var/log

if [ -e /var/log/ipflog -a ! -e /var/run/ipmon.pid.lock ];then

/usr/bin/touch /var/run/ipmon.pid.lock

/bin/mkdir -p $STORE
/bin/mv ipflog $STORE/$LOG
kill `/bin/cat /var/run/ipmon.pid`
/usr/sbin/ipmon -Dav /var/log/ipflog
/usr/bin/nice -n 20 /usr/bin/gzip $STORE/$LOG

/bin/rm -f /var/run/ipmon.pid.lock

else

/bin/echo "ipflog is missing or .lock file exists."

fi

---- snip ----

The script runs on OpenBSD. Change the paths for FreeBSD.
It's used on production firewalls :-)

Other settings of interest:

rc.conf
ipmon_flags=-"Dav /var/log/ipflog"

crontab
*/15 * * * * /path/to/script/rotate.sh

If logfiles gets large quick, use */5 instead

--
Kind regards
Flemming Laugaard
------------------------------------
f u cn rd ths, itn tyg h myxbl cd.

> Trying to figure this one out, I've got ipfilter running on fbsd 5.1. In
> my rc.conf file i have:
> ipmon_flags="-Davn /var/log/firewall.log"
> then i followed the ipmon example for log rotation given in the rc.conf man
> page and added the following one line to /etc/newsyslog.conf:
> /var/log/firewall.log 600 3 100 * Z /var/run/ipmon.pid
> I'm having two problems, firstly, the log is in fact being written but when
> newsyslog rotates the log file ipmon continues to write to firewall.log.0
> which i am assuming is the previous log file and the new log fille,
> firewall.log has only that newsyslog rotated it. The second problem and this
> might be related to the first is that newsyslog is not compressing these
> logs.