> So, the following looks like what can be put into /etc/rc*
> script for your favorite embedded distribution:
>
> ifconfig pflog0 up
> tcpdump -s 96 -l -e -t -i pflog0 2>/dev/null | \
> logger -p local0.info -t pf &

Pretty much so

~ # grep -i pflog /etc/rc.local
echo -n "pflog -> syslog"
ifconfig pflog0 up
tcpdump -s 96 -l -e -t -i pflog0 | logger -p local0.info -t pf &
~ # grep -i local0.info /etc/syslog.conf
local0.info /var/log/pflog.txt
local0.info @loghost
~ # grep -i pflog.txt /etc/newsyslog.conf
/var/log/pflog.txt 600 7 * @T00 Z

The '-s 96' is required, because I don't have option INET6 compiled into the kernel.

> It could be nice if pflogd supported logging to syslog directly.

I can see Daniel's point on the complexity of replicating what tcpdump does already. TBH, I've never found the overhead to be too onerous; if you add '-n' to tcpdump it'll reduce it even more.

greg
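
An added example, not part of the original message: a small sh audit that checks the three files quoted above agree, so that the facility given to logger is routed by syslog.conf and every local log file it lands in is rotated and not readable by others. The function names and the sample files written by write_samples are constructed for illustration, and only an exact facility.level selector match is recognised.

```shell
#!/bin/sh
# Added example: audit the pflog -> syslog wiring across the three quoted files.
# Simplification (assumption): only an exact "facility.level" selector is matched.

logger_selector() {   # $1 = rc script; prints the facility.level given to logger -p
    sed -n 's/.*logger .*-p  *\([a-z0-9]*\.[a-z]*\).*/\1/p' "$1" | head -n 1
}

syslog_targets() {    # $1 = selector, $2 = syslog.conf; prints each destination
    awk -v sel="$1" '$1 == sel { print $2 }' "$2"
}

rotation_mode() {     # $1 = log file, $2 = newsyslog.conf; skips optional owner:group
    awk -v f="$1" '$1 == f { m = ($2 ~ /:/) ? $3 : $2; print m; exit }' "$2"
}

check_pipeline() {    # $1 = rc script, $2 = syslog.conf, $3 = newsyslog.conf
    sel=$(logger_selector "$1")
    [ -n "$sel" ] || { echo "FAIL: no 'logger -p' found in $1"; return 1; }
    targets=$(syslog_targets "$sel" "$2")
    [ -n "$targets" ] || { echo "FAIL: $sel is not routed in $2"; return 1; }
    status=0
    for t in $targets; do
        case $t in
            @*) echo "ok: $sel forwarded to ${t#@}" ;;
            /*) mode=$(rotation_mode "$t" "$3")
                case $mode in
                    "") echo "FAIL: $t has no rotation entry in $3"; status=1 ;;
                    *0) echo "ok: $t rotated, mode $mode" ;;   # last digit 0: no access for others
                    *)  echo "FAIL: $t is accessible to others (mode $mode)"; status=1 ;;
                esac ;;
        esac
    done
    return $status
}

write_samples() {     # $1 = directory; constructed copies of the quoted config lines
    printf '%s\n' 'echo -n "pflog -> syslog"' 'ifconfig pflog0 up' \
        'tcpdump -s 96 -l -e -t -i pflog0 | logger -p local0.info -t pf &' > "$1/rc.local"
    printf '%s\n' 'local0.info /var/log/pflog.txt' 'local0.info @loghost' > "$1/syslog.conf"
    printf '%s\n' '/var/log/pflog.txt 600 7 * @T00 Z' > "$1/newsyslog.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
check_pipeline "$dir/rc.local" "$dir/syslog.conf" "$dir/newsyslog.conf"
rm -rf "$dir"
```

On a live system, point check_pipeline at /etc/rc.local, /etc/syslog.conf and /etc/newsyslog.conf instead of the sample directory.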
