> After reading the "Packet Logging Through Syslog" section of the pf FAQ
> I decided to try a different approach. Now that it's working (for my
> system and needs) I'm wondering 1) Is it (relatively) safe? 2) Is it
> useful to others? and 3) Did I re-invent something already available I
> missed?

Well, you have found a great way to slow your machine down when it hits serious traffic load. We believe that packet logging via syslog is the wrong method. That is why pf was redesigned to not use that mechanism of logging itself, and it instead uses the pflog interface. See, that way the low-level parts of the system know when someone is actually trying to get log results, so that we don't waste time pushing them out there.

