From owner-freebsd-pf@FreeBSD.ORG  Mon Sep  5 08:21:24 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D9E8716A41F
	for <freebsd-pf@freebsd.org>; Mon,  5 Sep 2005 08:21:24 +0000 (GMT)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [62.65.145.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2143C43D46
	for <freebsd-pf@freebsd.org>; Mon,  5 Sep 2005 08:21:23 +0000 (GMT)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (dhartmei@localhost [127.0.0.1])
	by insomnia.benzedrine.cx (8.13.4/8.12.11) with ESMTP id j858LKxn003706
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO);
	Mon, 5 Sep 2005 10:21:21 +0200 (MEST)
Received: (from dhartmei@localhost)
	by insomnia.benzedrine.cx (8.13.4/8.12.10/Submit) id j858LKGg013889;
	Mon, 5 Sep 2005 10:21:20 +0200 (MEST)
Date: Mon, 5 Sep 2005 10:21:20 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Vladimir Kotal <vlada@devnull.cz>
Message-ID: <20050905082120.GD27277@insomnia.benzedrine.cx>
References: <431BD7AA.4040300@errno.com> <20050905072630.664053A@gw2.local.net>
	<20050905080949.GA19145@otaku.xtrmntr.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050905080949.GA19145@otaku.xtrmntr.org>
User-Agent: Mutt/1.5.9i
Cc: freebsd-pf@freebsd.org
Subject: Re: logging to another machine
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2005 08:21:25 -0000

On Mon, Sep 05, 2005 at 10:09:49AM +0200, Vladimir Kotal wrote:

> So, the following looks like what can be put into /etc/rc* script for your
> favorite embedded distribution:
> 
> ifconfig pflog0 up
> tcpdump -s 96 -l -e -t -i pflog0 2>/dev/null | \
> 	logger -p local0.info -t pf &
> 
> It could be nice if pflogd supported logging to syslog directly.

It would have to duplicate (or link against, I guess) a lot of code in
tcpdump, especially all the protocol-printers if you wanted to add -vvv,
and then that code redundancy would have to be kept in sync, etc.

One tool for one purpose, right? :)

Daniel