Date: Mon, 22 May 2006 16:09:51 +0200
From: Albert Shih
To: Iantcho Vassilev
Cc: FreeBSD Mailing List
Subject: Re: pflog
Message-ID: <20060522140951.GA29183@math.jussieu.fr>
In-Reply-To: <18e02bd30605220659m10680b26hf1342958157e2f57@mail.gmail.com>

On 22/05/2006 at 16:59:02+0300, Iantcho Vassilev wrote
> On 5/22/06, Albert Shih wrote:
>
> When you write your rules, you put "log" in them..
>
> example:
> pass in quick log proto tcp from any to any keep state
>
> then you have to have pflogd started (pflog_enable="YES" in /etc/rc.conf).
>
> When pflog is started your binary log is located in /var/log/pflog
>
> you can read it with:
> tcpdump -n -t -r /var/log/pflog
>
> if you want real time (because pflog is where it is written with some delay)
> tcpdump -n -t -i pflog0

Thanks. But I know this.

The problem is that with this method the log is first written to the hard disk, and I don't want to do that (well, I don't like it...).

I would prefer that pflogd log directly to a central server. Is that possible?

Regards.

--
Albert SHIH
Universite de Paris 7 (Denis DIDEROT)
U.F.R. de Mathematiques.
7 ième étage, plateau D, bureau 10
Heure local/Local time:
Mon May 22 16:08:02 CEST 2006