Date: Mon, 05 Sep 2005 08:53:34 -0700 From: Sam Leffler <sam@errno.com> To: freebsd-pf@freebsd.org Subject: Re: logging to another machine Message-ID: <431C69FE.4000100@errno.com>
[folks left me off the cc so I didn't see any replies until I checked the archives...]

> On Mon, Sep 05, 2005 at 10:09:49AM +0200, Vladimir Kotal wrote:
>
>> So, the following looks like what can be put into /etc/rc* script for your
>> favorite embedded distribution:
>>
>> ifconfig pflog0 up
>> tcpdump -s 96 -l -e -t -i pflog0 2>/dev/null | \
>> logger -p local0.info -t pf &
>>
>> It could be nice if pflogd supported logging to syslog directly.
>
> It would have to duplicate (or link against, I guess) a lot of code in
> tcpdump, especially all the protocol-printers if you wanted to add -vvv,
> and then that code redundancy would have to be kept in sync, etc.
>
> One tool for one purpose, right? :)
>
> [Thanks for the -l response, realized it moments after posting :)]

I don't want ASCII logged, I want the binary data logged remotely. Installing tcpdump on the firewall just to log stuff is way overkill (though if it's there already one cares less). I build very small systems (this firewall is typically <8Mb cf and RAM is typically very tight too) and requiring tcpdump just to log pf stuff is unacceptable. Guess I need to roll my own logger program that reads from pflog and dispatches to another machine.

Sam
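Sam's closing point, a small program that takes the binary pflog records and dispatches them to another machine instead of running tcpdump's printers on the firewall, looks roughly like the following. This is an added example, not code from the thread, from pf or from pflogd. It assumes the input is a pcap stream of link type DLT_PFLOG (117), which is what pflogd(8) writes and what `tcpdump -w - -i pflog0` emits (reading /dev/bpf directly, as a truly tcpdump-free version would, is left out); that each record starts with the kernel's struct pfloghdr in host byte order with the field layout listed in the docstring; and that the collector address COLLECTOR, the datagram framing and the sample capture are all made up for the example.

```python
"""Forward pf log records (DLT_PFLOG pcap stream) to another machine over UDP.

Added example, not from the mailing-list thread or from pf/pflogd. Assumed
struct pfloghdr layout (host byte order, 64 bytes): length, af, action,
reason, ifname[16], ruleset[16], rulenr, subrulenr, uid, pid, rule_uid,
rule_pid, dir, pad[3]. COLLECTOR is a hypothetical log host.
"""
import socket
import struct
import sys

DLT_PFLOG = 117
PCAP_MAGIC = 0xa1b2c3d4
PFLOGHDR_FMT = "BBBB16s16sIIIiIiB3x"                 # prefix with stream byte order
PFLOGHDR_LEN = struct.calcsize("<" + PFLOGHDR_FMT)   # 64
PF_ACTIONS = {0: "pass", 1: "block"}                 # PF_PASS, PF_DROP
PF_DIRS = {0: "inout", 1: "in", 2: "out"}            # PF_INOUT, PF_IN, PF_OUT
COLLECTOR = ("192.0.2.10", 5140)                     # hypothetical collector


def parse_pcap(data):
    """Split a pcap byte string into (byte_order, [(ts_sec, ts_usec, record), ...])."""
    if len(data) < 24:
        raise ValueError("short pcap header")
    order = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    magic, _, _, _, _, _, linktype = struct.unpack(order + "IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a pcap stream")
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(order + "IIII", data[off:off + 16])
        rec = data[off + 16:off + 16 + incl_len]
        if len(rec) < incl_len:          # truncated tail (writer mid-record): stop cleanly
            break
        records.append((ts_sec, ts_usec, rec))
        off += 16 + incl_len
    return order, records


def parse_pfloghdr(order, rec):
    """Decode the pfloghdr at the front of one record; return its fields plus the packet."""
    if len(rec) < PFLOGHDR_LEN:
        raise ValueError("record shorter than pfloghdr")
    (length, af, action, reason, ifname, ruleset, rulenr, subrulenr,
     uid, pid, rule_uid, rule_pid, direction) = struct.unpack(
        order + PFLOGHDR_FMT, rec[:PFLOGHDR_LEN])
    hdrlen = (length + 3) & ~3           # BPF_WORDALIGN(length): packet follows the padded header
    return {
        "af": af, "reason": reason,
        "action": PF_ACTIONS.get(action, str(action)),
        "dir": PF_DIRS.get(direction, str(direction)),
        "ifname": ifname.split(b"\0", 1)[0].decode("ascii", "replace"),
        "ruleset": ruleset.split(b"\0", 1)[0].decode("ascii", "replace"),
        "rulenr": rulenr, "subrulenr": subrulenr,
        "uid": uid, "pid": pid, "rule_uid": rule_uid, "rule_pid": rule_pid,
        "packet": rec[hdrlen:],
    }


def forward(order, records, sock, dest):
    """Ship each record as one datagram: byte-order marker, pcap timestamp
    (network order), then the raw pflog record untouched. Returns count sent."""
    sent = 0
    for ts_sec, ts_usec, rec in records:
        sock.sendto(order.encode() + struct.pack("!II", ts_sec, ts_usec) + rec, dest)
        sent += 1
    return sent


def build_sample_pcap():
    """Constructed input (not a real capture): one inbound IPv4 packet blocked by rule 3 on fxp0."""
    order = "<"
    ghdr = struct.pack(order + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 96, DLT_PFLOG)
    pfhdr = struct.pack(order + PFLOGHDR_FMT, 61, 2, 1, 0, b"fxp0", b"",
                        3, 0xffffffff, 0xffffffff, -1, 0xffffffff, -1, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"))
    rec = pfhdr + ip
    phdr = struct.pack(order + "IIII", 1125935614, 0, len(rec), len(rec))
    return ghdr + phdr + rec


def loopback_demo(data):
    """Forward a pcap stream to a UDP receiver on 127.0.0.1 and decode what arrives.
    Returns (datagrams_sent, decoded_first_record)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        order, records = parse_pcap(data)
        sent = forward(order, records, tx, rx.getsockname())
        dgram, _ = rx.recvfrom(65535)
        fields = parse_pfloghdr(dgram[:1].decode(), dgram[9:])
        fields["ts"] = struct.unpack("!II", dgram[1:9])
        return sent, fields
    finally:
        rx.close()
        tx.close()


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--demo":
        print(loopback_demo(build_sample_pcap()))
    else:   # e.g.  tcpdump -w - -i pflog0 | python3 pflogfwd.py   or   ... < /var/log/pflog
        order, records = parse_pcap(sys.stdin.buffer.read())
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            print("forwarded %d records" % forward(order, records, s, COLLECTOR), file=sys.stderr)
```

`--demo` exercises the whole path against a loopback receiver; in real use the stdin branch would read record by record rather than slurping the stream, which is what a pflogd-sized daemon on a CF-based box would do. The byte-order marker is there because pfloghdr is a raw kernel struct, so a collector on a different-endian host cannot decode it without knowing the firewall's endianness. Two caveats: the datagrams are plain UDP, so records can be lost, spoofed or read in transit, which on anything but a dedicated management network argues for sending them over an ssh or IPsec tunnel; and the pfloghdr layout above is the one tcpdump's pflog printer expected at the time, so check it against the pflog.h of the kernel you actually run before trusting the decoded fields.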