Date: Tue, 15 Sep 2009 14:51:54 -0400 From: Tom Uffner <tom@uffner.com> To: gaurav@subisu.net.np Cc: freebsd-pf@freebsd.org Subject: Re: Packet Filter alerting system. Message-ID: <4AAFE24A.2040602@uffner.com> In-Reply-To: <4AADC15B.5060501@subisu.net.np> References: <4AADC15B.5060501@subisu.net.np>
next in thread | previous in thread | raw e-mail | index | archive | help
Gaurav Ghimire wrote:
> Just curious to know if we have something, some alerting system or mechanism that provides the administrator with the daily reports that pf itself or some other
> tool collects on pf's behalf.
>
> That probably reports the admin of:
> ~ Total connection counts matched on each rulesets.
> ~ Total number of counts matched on deny rules.
/etc/periodic/security/520.pfdenied
it should be enabled by default if you haven't done anything unnatural to
the /etc/periodic system
> ~ IP/Port attack logs and relatives.
only if you specify "log" in one or more of your pf rules, in which
case you will find it in /var/log/pflog, /var/log/pflog.?.bz2, and
/var/log/pf.{today,yesterday}
tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AAFE24A.2040602>