On Fri, Aug 07, 2020 at 10:29:32AM +0000, Carlos Lopez wrote:
> Hi all,
> 
>  I am thinking about what the best option could be to inject PF logs into 
> Elasticsearch (or any similar platform). If I am not wrong, some years ago 
> there was an option using a shell wrapper to store all pf logs in ASCII format 
> and redirect all of them to a central syslog server (published in the PF FAQ). 
> More or less it is what I am looking for.
> 
>  But maybe there exists another, better option nowadays. Any ideas? Tips?

As Tom said, it is possible to use tcpdump to convert to text, then forward to 
syslog.
The example from the old PF tutorial 
https://home.nuug.no/~peter/pf/newest/log2syslog.html
should still work.

All the best,

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
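An added example, not from the original thread or the PF FAQ, of the "convert to text, then ship" step on the Elasticsearch side: it parses constructed lines in the shape tcpdump prints when reading pflog and turns them into an Elasticsearch _bulk body, keeping any line it cannot parse as raw text so nothing is silently dropped. The sample lines, the field names and the index name `pflog` are assumptions.

```python
import json
import re

# Constructed sample lines modelled on tcpdump's pflog text output
# (as from: tcpdump -n -e -tttt -i pflog0); not captured from a real host.
SAMPLE_LINES = [
    "2020-08-07 10:29:32.123456 rule 3/(match) block in on em0: "
    "192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1, win 64240, length 0",
    "2020-08-07 10:29:33.000001 rule 7/(match) pass out on em1: "
    "198.51.100.5 > 192.0.2.20: ICMP echo request, id 1, seq 1, length 64",
    "not a pflog line at all",
]

PFLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]+)\) "
    r"(?P<action>\S+) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)

def split_host_port(endpoint):
    """tcpdump writes host.port; the port is absent for ICMP and similar."""
    if ":" in endpoint:                       # IPv6 literal
        host, dot, port = endpoint.rpartition(".")
        return (host, int(port)) if dot else (endpoint, None)
    parts = endpoint.split(".")
    if len(parts) == 5:                       # IPv4 address plus port
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None                     # bare IPv4 address

def parse_pflog_line(line):
    """One tcpdump pflog line -> flat dict; unparsable input is kept raw, never dropped."""
    m = PFLOG_RE.match(line)
    if m is None:
        return {"raw": line, "parse_error": True}
    src_ip, src_port = split_host_port(m.group("src"))
    dst_ip, dst_port = split_host_port(m.group("dst"))
    return {"@timestamp": m.group("ts"), "rule": int(m.group("rule")),
            "reason": m.group("reason"), "action": m.group("action"),
            "direction": m.group("dir"), "interface": m.group("iface"),
            "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port,
            "detail": m.group("rest"), "raw": line}

def to_bulk_ndjson(lines, index="pflog"):
    """Elasticsearch _bulk body: one action line plus one document line per event."""
    out = []
    for line in lines:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(parse_pflog_line(line)))
    return "\n".join(out) + "\n"
```

Feeding `to_bulk_ndjson(SAMPLE_LINES)` to the `_bulk` endpoint indexes one document per line; in practice the lines would come from the tcpdump pipe or from the syslog server's file rather than a list.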