logging to another machine
Greg Hennessy
Greg.Hennessy at nviz.net
Mon Sep 5 01:48:04 PDT 2005
> So, the following looks like what can be put into /etc/rc*
> script for your favorite embedded distribution:
>
> ifconfig pflog0 up
> tcpdump -s 96 -l -e -t -i pflog0 2>/dev/null | \
> logger -p local0.info -t pf &
Pretty much so.
~ # grep -i pflog /etc/rc.local
echo -n "pflog -> syslog"
ifconfig pflog0 up
tcpdump -s 96 -l -e -t -i pflog0 | logger -p local0.info -t pf &
~ # grep -i local0.info /etc/syslog.conf
local0.info /var/log/pflog.txt
local0.info @loghost
~ # grep -i pflog.txt /etc/newsyslog.conf
/var/log/pflog.txt 600 7 * @T00 Z
The '-s 96' is required because I don't have option INET6 compiled into the kernel.
> It could be nice if pflogd supported logging to syslog directly.
I can see Daniel's point on the complexity of replicating what tcpdump does already.
TBH, I've never found the overhead to be too onerous; if you add '-n' to tcpdump it'll reduce it even more.
greg
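Once the pflog lines have been shipped to @loghost, the thing you usually want on the receiving side is a quick way to pull the pf header fields (rule number, action, direction, interface, endpoints) back out of the syslog text. The following is an added example, not code from the post or from FreeBSD: it parses the line shape that `tcpdump -e -t -i pflog0 | logger -t pf` produces after syslog prefixes its timestamp and hostname (that shape is an assumption here), and the sample lines are constructed for the example. It skips non-pf lines and counts blocked packets per source address.

```python
import re
from collections import Counter

# Constructed sample of what /var/log/pflog.txt looks like on the loghost after
# syslog adds "timestamp host" and logger adds the "pf:" tag. Format assumed.
SAMPLE_LOG = """\
Sep  5 01:48:04 fw pf: rule 3/0(match): block in on fxp0: 198.51.100.7.40312 > 203.0.113.10.22: S 1:1(0) win 5840
Sep  5 01:48:05 fw pf: rule 3/0(match): block in on fxp0: 198.51.100.7.40313 > 203.0.113.10.23: S 2:2(0) win 5840
Sep  5 01:48:06 fw pf: rule 7/0(match): pass out on fxp0: 203.0.113.10.55122 > 198.51.100.200.53: udp 40
Sep  5 01:48:07 fw pf: rule 3/0(match): block in on fxp0: 198.51.100.9.1025 > 203.0.113.10.22: S 3:3(0) win 1024
Sep  5 01:48:08 fw sshd[123]: Accepted publickey for greg from 10.0.0.2 port 50000 ssh2
"""

# One regex for the syslog prefix, the pflog header printed by tcpdump -e,
# and the IPv4 endpoints ("addr.port > addr.port:"). IPv6 lines do not match
# and are simply skipped.
PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) pf: "
    r"rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]+)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def parse_pf_line(line):
    """Return a dict of pf header fields for one syslog line, or None if the
    line is not a pf record in the expected shape."""
    m = PFLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sub", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def parse_log(text):
    """Parse every line of a log file body, dropping lines that are not pf."""
    records = (parse_pf_line(line) for line in text.splitlines())
    return [r for r in records if r is not None]


def blocked_sources(records, min_count=1):
    """Count blocked packets per source address, keeping those at or above
    min_count. Useful for spotting a noisy scanner in the shipped log."""
    counts = Counter(r["src"] for r in records if r["action"] == "block")
    return {ip: n for ip, n in counts.items() if n >= min_count}


def summarize(text):
    """Totals for a log body: parsed records, blocked records, per-source blocks."""
    records = parse_log(text)
    return {
        "records": len(records),
        "blocked": sum(1 for r in records if r["action"] == "block"),
        "by_source": blocked_sources(records),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The parser deliberately anchors on the `pf:` tag that `logger -t pf` adds, so other facilities sharing the same file (or the same local0 selector) are ignored rather than misparsed; if tcpdump is run with `-n`, as suggested above, the endpoints stay numeric and this pattern still applies.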