logging to another machine

Sam Leffler sam at errno.com
Mon Sep 5 08:46:42 PDT 2005


[folks left me off the cc so I didn't see any replies until I checked 
the archives...]

> On Mon, Sep 05, 2005 at 10:09:49AM +0200, Vladimir Kotal wrote:
> 
>> So, the following looks like what can be put into /etc/rc* script for your
>> favorite embedded distribution:
>> 
>> ifconfig pflog0 up
>> tcpdump -s 96 -l -e -t -i pflog0 2>/dev/null | \
>> 	logger -p local0.info -t pf &
>> 
>> It could be nice if pflogd supported logging to syslog directly.
> 
> It would have to duplicate (or link against, I guess) a lot of code in
> tcpdump, especially all the protocol-printers if you wanted to add -vvv,
> and then that code redundancy would have to be kept in sync, etc.
> 
> One tool for one purpose, right? :)
> 

[Thanks for the -l response, realized it moments after posting :)]

I don't want ascii logged, I want the binary data logged remotely. 
Installing tcpdump on the firewall just to log stuff is way overkill 
(though if it's there already one cares less).  I build very small 
systems (this firewall is typically <8Mb cf and ram is typically very 
tight too) and requiring tcpdump just to log pf stuff is unacceptable.

Guess I need to roll my own logger program that reads from pflog and 
dispatches to another machine.

	Sam
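The "roll my own logger" Sam describes comes down to two halves: a forwarder on the firewall that reads records off pflog0 via /dev/bpf and ships them as-is over UDP, and a collector on the big machine that validates each datagram, notes gaps in a sequence counter (UDP drops), and appends the bytes to a pcap file with link type DLT_PFLOG (117) so that tcpdump -r can do the decoding there. The block below is an added example, not code from this thread or from pflogd: it implements the datagram framing, the hostile-input checks a listening collector needs, the loss accounting and the pcap output. The wire format (magic "PFLG", 28-byte header) is a hypothetical one chosen here, the pflog record bytes are constructed stand-ins that the code never interprets, and the BPF read loop and sockets are left out so the block runs stand-alone.

```c
/*
 * Added example (not from the freebsd-pf thread or from pflogd): frame raw
 * pflog captures for UDP transport and turn them back into a DLT_PFLOG pcap
 * file on the collector. Wire format is hypothetical; the firewall-side
 * /dev/bpf read loop and the UDP sockets are omitted.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FWD_MAGIC    0x50464C47u /* "PFLG": hypothetical datagram magic */
#define FWD_VERSION  1
#define FWD_HDRLEN   28
#define DLT_PFLOG    117         /* libpcap link type for pflog records */
#define PCAP_SNAPLEN 96          /* same snaplen as the -s 96 in the thread */

struct fwd_hdr {
    uint32_t seq;             /* per-sender counter; lets the collector see UDP loss */
    uint32_t ts_sec, ts_usec; /* capture time from the bpf_hdr on the firewall */
    uint32_t caplen;          /* capture bytes that follow the header */
    uint32_t origlen;         /* length on the wire before snaplen truncation */
};

/* Big-endian helpers for the datagram, little-endian ones for the pcap file. */
static void put32(unsigned char *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }
static void put16(unsigned char *p, uint16_t v) { p[0] = v >> 8; p[1] = v; }
static uint32_t get32(const unsigned char *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static uint16_t get16(const unsigned char *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void put32le(unsigned char *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
static void put16le(unsigned char *p, uint16_t v) { p[0] = v; p[1] = v >> 8; }

/* Firewall side: one datagram = 28-byte header + the pflog record verbatim.
 * Nothing here parses the record, which is why no protocol printers are needed. */
int fwd_encode(unsigned char *out, size_t outsz, const struct fwd_hdr *h, const unsigned char *cap)
{
    if (outsz < FWD_HDRLEN || h->caplen > PCAP_SNAPLEN || h->caplen > outsz - FWD_HDRLEN) return -1;
    put32(out, FWD_MAGIC); put16(out + 4, FWD_VERSION); put16(out + 6, 0);
    put32(out + 8, h->seq); put32(out + 12, h->ts_sec); put32(out + 16, h->ts_usec);
    put32(out + 20, h->caplen); put32(out + 24, h->origlen);
    memcpy(out + FWD_HDRLEN, cap, h->caplen);
    return (int)(FWD_HDRLEN + h->caplen);
}

/* Collector side: a process listening on a UDP port must treat input as hostile,
 * so reject anything whose header and length do not agree. Returns 0 on success. */
int fwd_decode(const unsigned char *in, size_t len, struct fwd_hdr *h, const unsigned char **cap)
{
    if (len < FWD_HDRLEN || get32(in) != FWD_MAGIC || get16(in + 4) != FWD_VERSION) return -1;
    h->seq = get32(in + 8); h->ts_sec = get32(in + 12); h->ts_usec = get32(in + 16);
    h->caplen = get32(in + 20); h->origlen = get32(in + 24);
    if (h->caplen != len - FWD_HDRLEN || h->caplen > PCAP_SNAPLEN || h->origlen < h->caplen) return -1;
    *cap = in + FWD_HDRLEN;
    return 0;
}

/* 24-byte pcap global header, written little-endian (readers detect byte order
 * from the magic). Link type DLT_PFLOG makes "tcpdump -r file" decode the records. */
int pcap_file_header(unsigned char out[24])
{
    put32le(out, 0xa1b2c3d4u); put16le(out + 4, 2); put16le(out + 6, 4);
    put32le(out + 8, 0); put32le(out + 12, 0);          /* thiszone, sigfigs */
    put32le(out + 16, PCAP_SNAPLEN); put32le(out + 20, DLT_PFLOG);
    return 24;
}

/* 16-byte pcap record header followed by the capture bytes. */
int pcap_record(unsigned char *out, size_t outsz, const struct fwd_hdr *h, const unsigned char *cap)
{
    if (outsz < 16 || h->caplen > outsz - 16) return -1;
    put32le(out, h->ts_sec); put32le(out + 4, h->ts_usec);
    put32le(out + 8, h->caplen); put32le(out + 12, h->origlen);
    memcpy(out + 16, cap, h->caplen);
    return (int)(16 + h->caplen);
}

struct collector { uint32_t next_seq; uint32_t lost; unsigned long records; };

/* Accept one datagram: validate, account for skipped sequence numbers, emit a
 * pcap record into out. Late (reordered) datagrams are still written but do not
 * rewind the expected counter. Returns bytes written or -1 if dropped. */
int collector_accept(struct collector *c, const unsigned char *dgram, size_t len, unsigned char *out, size_t outsz)
{
    struct fwd_hdr h; const unsigned char *cap;
    if (fwd_decode(dgram, len, &h, &cap) < 0) return -1;
    int32_t gap = (int32_t)(h.seq - c->next_seq);        /* signed diff survives wrap */
    if (c->records > 0 && gap > 0) c->lost += (uint32_t)gap;
    if (c->records == 0 || gap >= 0) c->next_seq = h.seq + 1;
    c->records++;
    return pcap_record(out, outsz, &h, cap);
}

/* Constructed stand-in for one pflog record (pfloghdr + packet); opaque here. */
static const unsigned char sample_record[20] = {
    0x3d, 0x02, 0x01, 0x01, 'e', 'm', '0', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x45, 0x00, 0x00, 0x3c };

/* Scenario: datagrams 0, 1, 3, 4 arrive, then 2 shows up late. Returns the
 * collector's loss count (1: seq 2 was counted missing when 3 arrived). */
uint32_t demo_lost_count(void)
{
    struct collector c = { 0, 0, 0 };
    unsigned char dgram[FWD_HDRLEN + PCAP_SNAPLEN], rec[16 + PCAP_SNAPLEN];
    const uint32_t order[] = { 0, 1, 3, 4, 2 };
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++) {
        struct fwd_hdr h = { order[i], 1125931602u, 0, sizeof sample_record, sizeof sample_record };
        int n = fwd_encode(dgram, sizeof dgram, &h, sample_record);
        if (n < 0 || collector_accept(&c, dgram, (size_t)n, rec, sizeof rec) < 0) return 0xffffffffu;
    }
    return c.lost;
}

int main(void)
{
    unsigned char fh[24];
    pcap_file_header(fh);
    printf("pcap link type %u, records lost in demo: %u\n", (unsigned)fh[20], (unsigned)demo_lost_count());
    return 0;
}
```

On the firewall the forwarder would read pflog0 through /dev/bpf and hand each record's bytes and bpf_hdr timestamp to fwd_encode before sendto(); on the collector, recvfrom() feeds collector_accept and the output goes to a file that starts with pcap_file_header. The sequence counter is what makes UDP acceptable for a security log: a gap is visible in the collector's counters instead of silently missing from the capture.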


More information about the freebsd-pf mailing list