Daniel Polak [2006-05-29, 00:37:06]:
> Martin,
> 
> The solution in the FAQ was ok for 3.8 but things changed in 3.9.
> 
> For now if you run the script underneath from root's crontab every 5 
> minutes you'll most likely be ok.
> There should be a check in the script to see if it is already running to 
> prevent another instance starting when the old one hasn't finished yet. 
> The check in the script in the FAQ was actually not working anyway so if 
> the script in the FAQ wasn't causing any problems this one will be ok too.
> With this script there is just one script and no need for the user 
> pflogger anymore as everything is done as root. This allows tcpdump to 
> privsep which makes things safer.
> 
> /etc/pflogrotate:
> 
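> #!/bin/sh
> # rotate pflog file and feed to syslog
> FILE=/var/log/pflog5min.$(date "+%Y%m%d%H%M")
> # SIGALRM makes pflogd flush its buffered packets to /var/log/pflog
> kill -ALRM $(cat /var/run/pflogd.pid)
> # 24 bytes is the bare pcap file header, i.e. no packets were logged
> if [ $(ls -l /var/log/pflog | cut -d " " -f 8) -gt 24 ]; then
>    mv /var/log/pflog "$FILE"
>    # SIGHUP makes pflogd close the moved file and open a fresh /var/log/pflog
>    kill -HUP $(cat /var/run/pflogd.pid)
>    tcpdump -n -e -ttt -r "$FILE" | logger -p local0.info
>    rm "$FILE"
> fi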

I've adjusted the FAQ page with the new script, thanks!

steven
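
The quoted message notes that the script has no working check for an instance that is still running. One way to add such a check, as an added example that is not part of the original posts or the FAQ; the lock path and the function names acquire_lock, release_lock and run_exclusive are assumptions, and the job is assumed to run as root:

```sh
#!/bin/sh
# Added example: single-instance guard for a cron-driven job run as root.
# LOCKDIR and the function names are assumptions, not from the original post.
# Keep LOCKDIR in a directory only root can write (not /tmp).
LOCKDIR=${LOCKDIR:-/var/run/pflogrotate.lock}

# acquire_lock: 0 if this process now holds the lock, 1 if another run does.
acquire_lock() {
    # mkdir is atomic: only one caller can create the directory.
    if mkdir "$LOCKDIR" 2>/dev/null; then
        echo $$ > "$LOCKDIR/pid"
        return 0
    fi
    # Lock exists. A missing or empty pid file means the owner is just
    # starting up, so treat the lock as held.
    oldpid=$(cat "$LOCKDIR/pid" 2>/dev/null) || return 1
    [ -n "$oldpid" ] || return 1
    # Owner still alive: the previous run has not finished yet.
    if kill -0 "$oldpid" 2>/dev/null; then
        return 1
    fi
    # Stale lock (owner was killed before cleanup): take it over.
    # This takeover is not atomic; fine for one start every 5 minutes.
    rm -f "$LOCKDIR/pid"
    rmdir "$LOCKDIR" 2>/dev/null || return 1
    mkdir "$LOCKDIR" 2>/dev/null || return 1
    echo $$ > "$LOCKDIR/pid"
    return 0
}

release_lock() {
    rm -f "$LOCKDIR/pid"
    rmdir "$LOCKDIR" 2>/dev/null || true
}

# run_exclusive CMD [ARGS...]: run CMD only if no other instance is active.
run_exclusive() {
    if ! acquire_lock; then
        echo "previous run still active, skipping" >&2
        return 1
    fi
    trap release_lock EXIT   # drop the lock even if the shell exits early
    "$@"
    rc=$?
    release_lock
    trap - EXIT
    return $rc
}

# Usage at the end of a wrapper started from cron: run_exclusive /etc/pflogrotate
```

The liveness test relies on kill -0, so a recycled PID can make a stale lock look held until that unrelated process exits.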