Adding something such as

~ # grep -i pflog /etc/rc.local
echo -n "pflog -> syslog"
ifconfig pflog0 up
tcpdump -s 96 -l -e -t -i pflog0 | logger -p local0.info -t pf &
~ #
~ #
~ # grep local0.info /etc/syslog.conf
local0.info /var/log/pflog.txt
local0.info @loghost

Dynamically add loghost as appropriate, may be a quick win to get firewall logs off the box and onto something else on the network via syslog.

Personally I use kiwi syslog with some filters to provide separate displays of Pass In, Pass Out and Block traffic.

About 12 months ago, I knocked up an exceedingly nasty Perl hack to massage PF log output into a form digestible by http://www.sonic.net/wallwatcher/, wasn't really impressed with the overhead though. It might be worth emailing the author with some sample logs and ask him to add PF support.

Greg

> -----Original Message-----
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: 29 July 2005 18:41
> To: Ted Crow
> Cc: [email protected]
> Subject: Re: [pfSense-discussion] Thoughts on Hatchet
>
> Colin worked on this for quite some time to no avail. Until
> someone else steps up and does the work it's not happening.
>
> On 7/29/05, Ted Crow <[EMAIL PROTECTED]> wrote:
> >
> > Pfstat is all well and good, but I was just wondering if you guys
> > looked at Hatchet at all?
> >
> > http://www.dixongroup.net/hatchet/
> >
> > It looks like it could be integrated or adapted directly into the system...
> > it does have a fair number of dependencies though.
> >
> > Ted Crow
> > Information Technology Manager
> > Tuttle Services, Inc.
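
Added example, not part of the original thread or of any tool named in it: a small Python splitter that sorts the syslog lines produced by the `tcpdump ... | logger -t pf` pipeline above into the Pass In, Pass Out and Block views mentioned in the reply. The line layout in the regex and the sample lines are assumptions based on what tcpdump prints for pflog with `-e`; adjust the pattern to what your loghost actually receives.

```python
import re
from collections import defaultdict

# Assumed line shape: syslog header, the "pf" tag from `logger -t pf`, then
# tcpdump -e output for pflog0: "rule N/N(reason): <action> <dir> on <if>: ..."
LINE_RE = re.compile(
    r"\bpf(?:\[\d+\])?: rule (?P<rule>[^\s(]+)\((?P<reason>[^)]*)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>[\w.]+): (?P<rest>.*)$"
)

def classify(line):
    """Return (bucket, fields) for one pf syslog line, or None if it does not parse."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    bucket = "block" if fields["action"] == "block" else "pass " + fields["dir"]
    return bucket, fields

def split_streams(lines):
    """Group lines into 'pass in', 'pass out', 'block' and 'unparsed'."""
    buckets = defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        result = classify(line)
        if result is None:
            buckets["unparsed"].append(line)  # keep it, never drop silently
        else:
            buckets[result[0]].append(result[1])
    return buckets

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = [
    "Jul 29 18:41:03 fw pf: rule 0/0(match): block in on fxp0: 203.0.113.7.4312 > 192.0.2.10.22: S 1:1(0) win 16384",
    "Jul 29 18:41:04 fw pf: rule 3/0(match): pass in on fxp0: 198.51.100.4.51515 > 192.0.2.10.80: S 2:2(0) win 65535",
    "Jul 29 18:41:05 fw pf: rule 5/0(match): pass out on fxp1: 192.0.2.10.3345 > 198.51.100.9.53: 4242+ A? example.org. (29)",
    "Jul 29 18:41:06 fw pf: rule 0/0(match): block out on fxp1: 192.0.2.10.3346 > 203.0.113.7.6667: S 3:3(0) win 16384",
    "Jul 29 18:41:07 fw sshd[312]: Accepted publickey for admin from 192.0.2.50",
]

if __name__ == "__main__":
    for bucket, items in sorted(split_streams(SAMPLE).items()):
        print(f"{bucket}: {len(items)}")
```

Lines that do not match land in `unparsed` rather than being discarded, so a change in log format shows up as a growing bucket instead of missing firewall events.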
