IPFW Not Logging

jgreco

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Patrick M. Hausen said:
I am strictly speaking about the FreeNAS environment and the jail framework it provides ...
Click to expand...

That's nice, but the user is trying to get a copy of data that would be provided via klog. Since iocage is just a wrapper, it's better to see if the jail system is even capable of the functionality, and my general feel is that it isn't, because a plain jail with klog doesn't seem to have any activity on it.

So are these hundreds of jails in your environment running on FreeNAS? If so, count me impressed. :smile:
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Nope :) But they are provisioned with Ansible and iocage.
The test above I did on my FreeNAS, though.
 
P

PnoT

Dabbler
Joined
Apr 12, 2017
Messages
41
I found the output of the logging, as you guys had hinted to, in the base FreeNAS system /var/log/security which provides what I was looking for. Icing on the cake would be to have it log to another location and within the jail but that doesn't look like it'll happen. I'm still learning so thank you both for chiming in here and providing some very helpful information.
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
@jgreco One final point - I am convinced that logging into the jail's syslog works as soon as there is a /dev/klog inside the jail. This is currently ... dificult ... with the version of iocage in FreeNAS 11.3. Handling of custom devfs rulesets seems to be broken. There are a couple of commits supposedly fixing the issue but I don't see them up for inclusion in FreeNAS 11.3 - I'll probably file that as a bug so hopefully it gets fixed before TrueNAS core 12.0.

One more point for your approach to use the jail management methods in the base system, but as long as we are talking jails in FreeNAS we are stuck with iocage - for better or worse, sometimes both ;)

Kind regards,
Patrick
 
jgreco

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
But that was my point. Using a basic FreeBSD 12.1R system and the underlying jail subsystem, I had no problems getting /dev/klog inside the jail, but it wasn't functional. Feel free to share any commits or bug reports relevant, I'm kinda interested, maybe only because I'm trying to avoid some real work. :smile:
 
You must log in or register to reply here.

Similar threads

T
VPN providers with IPFW rules support
Replies
2
Views
858
theomolenaar
T
J
  • Locked
ipfw Symbolic Substitution error for subnet 192.168.1.0/28
Replies
7
Views
1K
JW0914
J
A
  • Locked
OpenVPN IPFW issue
Replies
9
Views
2K
nightshade00013
nightshade00013
Kevin Horton
  • Locked
Huge number of ipfw messages
Replies
3
Views
1K
Kevin Horton
Kevin Horton
gtp04
  • Locked
IPFW loading rules in jail
2
Replies
25
Views
7K
gtp04
gtp04
Top