Date: Mon, 5 Sep 2005 09:47:59 +0100
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: <freebsd-pf@freebsd.org>
Subject: RE: logging to another machine
Message-ID: <20050905084759.95B894D@gw2.local.net>
In-Reply-To: <20050905080949.GA19145@otaku.xtrmntr.org>
> So, the following looks like what can be put into /etc/rc*
> script for your favorite embedded distribution:
>
> ifconfig pflog0 up
> tcpdump -s 96 -l -e -t -i pflog0 2>/dev/null | \
> logger -p local0.info -t pf &

Pretty much so

~ # grep -i pflog /etc/rc.local
echo -n "pflog -> syslog"
ifconfig pflog0 up
tcpdump -s 96 -l -e -t -i pflog0 | logger -p local0.info -t pf &

~ # grep -i local0.info /etc/syslog.conf
local0.info /var/log/pflog.txt
local0.info @loghost

~ # grep -i pflog.txt /etc/newsyslog.conf
/var/log/pflog.txt 600 7 * @T00 Z

The '-s 96' is required, because I don't have option INET6 compiled into the
kernel.

> It could be nice if pflogd supported logging to syslog directly.

I can see Daniel's point on the complexity of replicating what tcpdump does
already. TBH, I've never found the overhead to be too onerous, if you add '-n'
to tcpdump it'll reduce it even more.

greg
