Hi all,

Over the past few months of using PF I have been somewhat frustrated with grinding through the logs and was looking for a way to make this easier. I found a way that seems to work well for me, and helps the security community as well. So after a bit of fiddling I wrote a How-to on using Dshield.org's client for OpenBSD's PF, which allows you to submit your logs (block entries only) to Dshield (dshield.org), send yourself a copy of the "blocked" log entries, and archive your log files. The added bonus to this process is that if you register with Dshield (no plug, completely optional), when you log in you get your submitted data all nicely graphed and tabled and aggregated for you.

If you are interested, I posted the how-to up here (URL may wrap):

http://www.inetsecurity.info/modules.php?op=modload%26name=News%26file=article%26sid=181%26mode=flat%26order=0%26thold=0

I did dumb it down a bit and I would expect the gurus to do much more with this than I am dealing with in the How-to, but any feedback would be welcomed.

Thanks for a great product, keep up the great work!

Cheers,
Wayne
