Hello.
I used to be an ipfilter user, and set up a pf-based OpenBSD 3.2 box to
replace an out-of-date ipfilter system a short while ago. My platform
is OpenBSD 3.2, but I'm open to a move to 3.3 if it will help resolve my
short-term problems.
Recently, I discovered that I don't really have the same logging data
I'd had with ipfilter.
I understand how to get a record of pf port blocks as a data stream so
that I can analyze the data in something approximating real-time.
# tcpdump -n -e -ttt -i pflog0 | local-data-analysis-script &
How can I get a similar stream of NAT state changes? I see how to pull
the NAT states with pfctl -s, but is there any way to get a stream of
state changes that can similarly be logged into a pipe, so that I can do
similar analysis?
Any suggestions? Or should I take this over to openbsd-misc?
Thanks,
-Bill.
