logging to another machine
Vladimir Kotal
vlada at devnull.cz
Mon Sep 5 01:09:51 PDT 2005
On Mon, Sep 05, 2005 at 08:26:30AM +0100, Greg Hennessy wrote:
>
> >
> > tcpdump -i pflog0 -n -e -ttt | logger -p local7.info -h sysloghost
> >
> > but that didn't work for some reason.
>
> Add the '-l' flag to tcpdump and it will.
>
> ~ # ps axww | egrep 'tcpdump|logger'
> 428 con- S 0:02.70 tcpdump -s 96 -l -e -t -i pflog0
> 429 con- S 0:00.30 logger -p local0.info -t pf
>
So, the following looks like what can be put into an /etc/rc* script for your
favorite embedded distribution:

    ifconfig pflog0 up
    tcpdump -s 96 -l -e -t -i pflog0 2>/dev/null | \
        logger -p local0.info -t pf &

It could be nice if pflogd supported logging to syslog directly.

v.