Re: pflog
On 5/22/06, Albert Shih [EMAIL PROTECTED] wrote:
> Hi all,
>
> I want to use pf (actually I use ipfw). Well, after I read the OpenBSD book, I still don't know how to log pf's log (with pflog) through syslog, and I don't want (if it's possible) to write anything to my hard disk (even temporarily, because it's a virtual disk; I'm running VMware).
>
> Regards.

Hi!

When you write your rules, you put log in them. Example:

    pass in quick log proto tcp from any to any keep state

Then you have to have pflogd started (pflog_enable=YES in /etc/rc.conf). When pflog is started, your binary log is located at /var/log/pflog; you can read it with:

    tcpdump -n -t -r /var/log/pflog

If you want real time (because pflog is written with some delay):

    tcpdump -n -t -i pflog0

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pflog
On 22/05/2006 at 16:59:02+0300, Iantcho Vassilev wrote:
> On 5/22/06, Albert Shih [EMAIL PROTECTED] wrote:
>
> When you write your rules, you put log in them. Example:
>
>     pass in quick log proto tcp from any to any keep state
>
> Then you have to have pflogd started (pflog_enable=YES in /etc/rc.conf). When pflog is started, your binary log is located at /var/log/pflog; you can read it with:
>
>     tcpdump -n -t -r /var/log/pflog
>
> If you want real time (because pflog is written with some delay):
>
>     tcpdump -n -t -i pflog0

Thanks. But I know this. The problem is that with this method the log is first written to the hard disk, and I don't want to do that (well, I don't like it...). I'd prefer pflogd to log directly to a central server. Is it possible?

Regards.
--
Albert SHIH
Universite de Paris 7 (Denis DIDEROT)
U.F.R. de Mathematiques.
7th floor, plateau D, office 10
Local time: Mon May 22 16:08:02 CEST 2006
Re: pflog
This is discussed in the OpenBSD pf page: http://www.openbsd.org/faq/pf/logging.html#syslog

On 5/22/06, Albert Shih [EMAIL PROTECTED] wrote:
> On 22/05/2006 at 16:59:02+0300, Iantcho Vassilev wrote:
> > On 5/22/06, Albert Shih [EMAIL PROTECTED] wrote:
> >
> > When you write your rules, you put log in them. Example:
> >
> >     pass in quick log proto tcp from any to any keep state
> >
> > Then you have to have pflogd started (pflog_enable=YES in /etc/rc.conf). When pflog is started, your binary log is located at /var/log/pflog; you can read it with:
> >
> >     tcpdump -n -t -r /var/log/pflog
> >
> > If you want real time (because pflog is written with some delay):
> >
> >     tcpdump -n -t -i pflog0
>
> Thanks. But I know this. The problem is that with this method the log is first written to the hard disk, and I don't want to do that (well, I don't like it...). I'd prefer pflogd to log directly to a central server. Is it possible?
>
> Regards.
> --
> Albert SHIH
> Universite de Paris 7 (Denis DIDEROT)
> U.F.R. de Mathematiques.
> 7th floor, plateau D, office 10
> Local time: Mon May 22 16:08:02 CEST 2006
Re: pflog
On 22/05/2006 at 10:14:58-0400, Andy Greenwood wrote:
> This is discussed in the OpenBSD pf page: http://www.openbsd.org/faq/pf/logging.html#syslog

Thanks for the URL, but it seems the shell script writes to FILE=/home/pflogger/pflog5min.$(date +%Y%m%d%H%M) first, before it pushes the log (by syslog) to a server. Well, maybe it's impossible :-(

Regards.
--
Albert SHIH
Universite de Paris 7 (Denis DIDEROT)
U.F.R. de Mathematiques.
7th floor, plateau D, office 10
Local time: Mon May 22 16:19:32 CEST 2006
Re: pflog summary script?
On 2005-11-24 19:33, JD Bronson [EMAIL PROTECTED] wrote:
> Does anyone have a simple shell/perl script that can take /var/log/pflog and parse it into simple txt or html? I would like to cron a script that can clean up the output of pflog and put it into something more readable... Basically something that looks like:
>
>     Time - SourceIP - Destination Port
>
> or a count of these as well.

I think what you want is something like the scripts included in these posts:

http://keramida.serverhive.com/weblog/archives/2004-12-28/switching-from-ipfilter-to-pf
http://keramida.serverhive.com/weblog/archives/2005-01-04/more-fun-with-the-pf9-firewall

They are far from perfect and definitely not what I'd call production quality, but they will serve fine as a starting point while you write your own, I guess ;)
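An added example serving both threads above (the "log to a central server without touching the local disk" question and the "Time - SourceIP - Destination Port" summary request); it is not code from either thread, from pflogd, or from the OpenBSD FAQ script Albert refers to. Assumptions, all mine rather than the posters': the constructed SAMPLE lines approximate the text form of `tcpdump -n -e -i pflog0`, which differs between tcpdump versions, so check the field positions against your own output before trusting the parser; `loghost` and the `local0.* @loghost` line in /etc/syslog.conf are placeholders; the pflog0 interface exists and is up, and the live path runs as root.

```shell
#!/bin/sh
# Added example; not code from the thread, pflogd, or the OpenBSD FAQ.
# Assumptions (not from the original posts): tcpdump's pflog0 text output
# has the shape of the constructed SAMPLE lines below; syslogd on this host
# forwards facility local0 to the central log host ("local0.*  @loghost").

# Constructed sample of `tcpdump -n -e -i pflog0` output (not real traffic).
SAMPLE='16:08:02.123456 rule 3/0(match): block in on em0: 203.0.113.7.51234 > 192.0.2.10.22: Flags [S], seq 1, win 65535
16:08:03.654321 rule 0/0(match): pass out on em0: 192.0.2.10.40001 > 198.51.100.5.53: 12345+ A? example.org. (29)
16:08:04.000100 rule 3/0(match): block in on em0: 203.0.113.7.51235 > 192.0.2.10.22: Flags [S], seq 2, win 65535'

# One tcpdump pflog line -> "Time - Action - SourceIP - DestinationPort".
# Lines without a "src > dst" pair (tcpdump banners, truncated lines) are skipped.
summarize_pflog() {
    awk '
    {
        act = ""; src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "rule") act = $(i + 2)          # "rule N/0(match): block in on em0:"
            if ($i == ">")    { src = $(i - 1); dst = $(i + 1) }
        }
        if (src == "" || dst == "") next                # not a packet line
        sub(/:$/, "", dst)                              # strip trailing colon
        srcip = src; sub(/\.[^.]*$/, "", srcip)         # drop ".port" from the source
        n = split(dst, d, "."); dport = d[n]            # port is the last dotted field
        print $1 " - " act " - " srcip " - " dport
    }'
}

# Tally of (SourceIP, DestinationPort) pairs, most frequent first.
count_by_src_dport() {
    summarize_pflog \
        | awk -F' - ' '{ c[$3 " " $4]++ } END { for (k in c) print c[k], k }' \
        | sort -rn
}

# Real-time path with nothing written to local disk: tcpdump reads the
# pflog0 interface directly (pflogd and /var/log/pflog are not involved),
# and logger(1) hands each line to syslogd, which forwards it off-host
# under facility local0. -l keeps tcpdump line-buffered so lines ship as
# they arrive instead of in 4 KiB chunks.
pflog_to_syslog() {
    tcpdump -l -n -e -i pflog0 | summarize_pflog | logger -t pf -p local0.info
}

case "${1:-}" in
    live)  pflog_to_syslog ;;
    count) printf '%s\n' "$SAMPLE" | count_by_src_dport ;;
    *)     printf '%s\n' "$SAMPLE" | summarize_pflog ;;
esac
```

Run it with no arguments to summarize the built-in sample, with `count` for the per-(source, port) tally, or with `live` (as root) for the real-time path. Any bpf listener can read pflog0, so this works alongside pflogd or with pflog_enable=NO as long as the interface exists; with pflogd stopped, nothing lands in /var/log/pflog. The trade-off is durability: the pipe buffers in memory only and syslog over UDP drops lines under load, so a crash or a burst loses whatever has not yet reached the central host, whereas pflogd's on-disk pcap survives both.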
Re: pflog trouble?
Dick Hoogendijk [EMAIL PROTECTED] writes:
> Today I compiled some KDE stuff for a few hours on my fbsd-6.0 box, and when I gave the shutdown -p now command it took minutes to complete the shutdown process. The machine seemed to hang on the shutdown of the pflog device. The process /was/ completed successfully in the end, but I wonder what happened... After starting up again and (again) a shutdown -p now, all went well and fast. Anybody a clue?

You need a bit more information than that for a decent clue. It might well be that whatever hangs is right *after* pflog, though...
Re: pflog trouble?
On 14 Nov 2005 10:03:32 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote:
> Dick Hoogendijk [EMAIL PROTECTED] writes:
> > Today I compiled some KDE stuff for a few hours on my fbsd-6.0 box, and when I gave the shutdown -p now command it took minutes to complete the shutdown process. The machine seemed to hang on the shutdown of the pflog device. The process /was/ completed successfully in the end, but I wonder what happened... After starting up again and (again) a shutdown -p now, all went well and fast. Anybody a clue?
>
> You need a bit more information than that for a decent clue. It might well be that whatever hangs is right *after* pflog, though...

Right. This /is/ indeed the case. Sometimes there are some processes that won't be killed normally. I get the warning "use ps axl"... But after a very long time the machine does shut down, and a ps axl does not show anything ;-) It does not happen always; so, I don't have a clue how to investigate what causes the hangs... any tips?

--
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11-stable ++ FreeBSD 6.0
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja