FreeBSD - Tutorials, Security
Home   Archives   Sitemap   About   Contact

Freebsd - /var filesystem full because of pflog file

Home NEW! Unix Forum News 100 Tips and Tricks Website Development Server Operating Systems Databases
 Ivorde.ROarrow Server Operating Systems arrowProblems and SolutionsarrowFreebsd - /var filesystem full because of pflog file 

Article Sections

    Hello, Guest !
User name:
Password:
 
Google

 SSD VPS Hosting - Vpsie.com
 Mo.nitor.me
 Ivorde forum
 FreeBSD Tutorials
 Linux LVM Commands
 Free Shell Accounts
 FreeBSD Project
 FreeBSD Handbook
 Advanced Bash-Scripting Guide
 The OpenBSD Project
 Distrowatch
 FreeBSD Handbook


Apache Webserver Home Page

Posted on: 04 Feb 2008
Author: mandrei
Section: Server Operating Systems | Problems and Solutions
Views: 2359
Comments: 0 (Add)

Freebsd - /var filesystem full because of pflog file
Freebsd - /var filesystem full because of pflog file, filesystem full, pflog, packet filter log

 



PF firewall dumps the logs (by default) to /var/log/pflog file which, depending on your packet filter rules and your traffic, can get to 100MB in size in just a few hours. (make your rules with pass in log-all or pass in log to have PF logging all or just first occurance of that rule for each host). This will certainly lead to your /var filesystem full very often.

I was in a similar situation today (after 2 months pflogfile was getting, again very large on one of my gateways). 

$ df -h /var
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad0s1e    248M    245M    -18M   108%    /var

Although I get hourly alerts on my email I was here a little too late I could say.

After searching the filesystem for the largest files (see How to find the largest 10 files in a filesystem) I saw that pflog file was getting close to 96MB (huuuge).

$ du -h /var/log/pflog
96M    /var/log/pflog

This can be easily fixed by doing two things: empty pflog file and restarting pflog processes / delete and touch pflog and restart pflog processes (in case you need to keep /var/log/pflog you'll need to move/archive it and store it somewhere safe. I didn't need it so I removed it's contents):

I used the first option:

Empty pflog file

$ >|/var/log/pflog
$ df -h /var
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad0s1e    248M    245M    -18M   108%    /var

You can see above that it is not enough to empty it's contents. Df command still reports the filesystem full and /var/log/pflog file is still empty. Pflogd didn't start dumping the logs inside it.

Get the PIDs of pflogd daemon and kill -HUP

$ ps ax | grep -v grep | grep pflog
  221  ??  Is     0:00.01 pflogd: [priv] (pflogd)
  226  ??  S      8:29.79 pflogd: [suspended] -s 116 -f /var/log/pflog (pflogd)
$ kill -HUP 221 226
$ df -h /var
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad0s1e    248M    151M     77M    66%    /var

kill -HUP sends a signal to the specified daemon(pflogd in this case) to re-read it's config files (including where to dump the logs: /var/log/pflog and after that df command shows a normal utilization of the filesystem (also, pflogd started to dump the logs in /var/log/pflog).

The above step could have been performed with one command: 

$ for i in `ps ax | grep -v grep | grep pflog | awk '{print $1}'`; do kill -HUP $i; done


Comments are welcome.
Bookmarks: Echo "Freebsd - /var filesystem full because of pflog file" around:
del.icio.usdiggFurlYahooMyWebGoogleBookmarksFaceBookTechnocratti
-------------------advertising-----------------

Other articles in Server Operating Systems / Problems and Solutions
» Unix - How to find the largest 10 files in a filesystem
» Packet Filter broken on FreeBSD 6.2 ? Unusual pf error
» Error installing world on FreeBSD 6.3
» How to remount UNIX filesystems with one command
» Creating/Adding (temporary) users on FreeBSD 6




Contact webmaster regarding this article
Register or Login to post your article
Hello, Guest ! You can Login or Register to www.ivorde.ro!

 Post comment:

Name:
Title:
Comment:
Please type the word you see in the image (anti-spam verification). Refresh the page if you don't understand the word.
Allowed HTML Tags for comments:<p><strong><em><u><h1><h2><h3><h4><h5><h6><img><li>
<ol><ul><span><div><br><ins><del>

0 comment(s) to Freebsd - /var filesystem full because of pflog file:

   Latest topics on the forum:
 
   Most viewed articles:
How to copy a mysql database using mysqldump - 9375 views
How to change a user's password in AIX with the output from ECHO command - 8635 views
FreeBSD: Add/remove an additional IP alias - 5609 views
Qmail relay to smarthost: How to route all mail to a smarthost - 3929 views
Print queues in AIX 5L - How to list print queues in AIX - 2884 views

   Latest 10 articles:
Qmail relay to smarthost: How to route all mail to a smarthost - 03 Feb 2009
EXIM 4 relay to smarthost: How to route all mail except local domain - 03 Feb 2009
Windows XP: print LISTEN ports and network connections using netstat - 30 Jan 2009
How to cut out first last n characters from each file name, from a filelist - 04 Nov 2008
Mozilla Firefox3 is now released - 18 Jun 2008
How to switch lower case to upper case and upper case to lower case in a string - 17 Jun 2008
How to rename files/directories to uppercase/lowercase character names - 17 Jun 2008
How to convert lower case to upper case letters in a shell script/command - 17 Jun 2008
Unix,Linux,FreeBSD - How to rename a list of files, replacing spaces inside their names - 12 Jun 2008
How to change a user's password in AIX with the output from ECHO command - 21 May 2008


Archives
» 2007  |  June  |  October  |  November  |  December
» 2008  |  January  |  February  |  March  |  April  |  May  |  June  |  November
» 2009  |  January  |  February



Home | Archives | Sitemap | About | Contact

Designed and developed by Andrei Manescu. Optimized for Mozilla Firefox.  
Copyright 2007 Andrei Manescu
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by those who posted them.
Valid W3 Document Valid XHTML 1.0 Transitional Valid CSS! The FreeBSD Project Viewable With Any Browser