I think its a great idea. The only problem is finding someone to do the work ;)
Anyone interested? Scott On 7/29/05, Ted Crow <[EMAIL PROTECTED]> wrote: > > I'm not particularly impressed with WallWatcher myself. My thought here > was to have a more visual logging system built into the firewall web > interface itself. > > We can already peruse the state table and see basic performance data, > plus a snazzy SVG traffic graph, why not have a built-in/add-on log > analyzer? > > Ted Crow > Information Technology Manager > Tuttle Services, Inc. > -----Original Message----- > From: Greg Hennessy [mailto:[EMAIL PROTECTED] > Sent: Friday, July 29, 2005 2:02 PM > To: [email protected] > Subject: RE: [pfSense-discussion] Thoughts on Hatchet > > Adding something such as > > ~ # grep -i pflog /etc/rc.local > echo -n "pflog -> syslog" > ifconfig pflog0 up > tcpdump -s 96 -l -e -t -i pflog0 | logger -p local0.info -t pf & ~ # ~ # > ~ # grep local0.info /etc/syslog.conf > local0.info /var/log/pflog.txt > local0.info @loghost > > Dynamically add loghost as appropriate, > > > May be a quick win to get firewall logs off the box and onto to > something else on the network via syslog. > > Personally I use kiwi syslog with some filters to provide separate > displays of Pass In, Pass Out and Block traffic. > > About 12 months ago, I knocked up an exceedingly nasty perl hack to > massage PF log output into a form digestible by > http://www.sonic.net/wallwatcher/, > wasn't really impressed with the overhead though. > > It might be worth emailing the author with some sample logs and ask him > to add PF support. > > > Greg > > > > > > > -----Original Message----- > > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > > Sent: 29 July 2005 18:41 > > To: Ted Crow > > Cc: [email protected] > > Subject: Re: [pfSense-discussion] Thoughts on Hatchet > > > > Colin worked on this for quite some time to no avail. Until someone > > else steps up and does the work its not happening. > > > > On 7/29/05, Ted Crow <[EMAIL PROTECTED]> wrote: > > > > > > Pfstat is all well and good, but I was just wondering if you guys > > > looked at Hatchet at all? > > > > > > http://www.dixongroup.net/hatchet/ > > > > > > It looks like it could be integrated or adapted directly > > into the system... > > > it does have fair number of dependencies though. > > > > > > Ted Crow > > > Information Technology Manager > > > Tuttle Services, Inc. > > > > > > >
