On Mon, 10 May 2010, Chris Smith wrote:
What about logging in this case? Can PF logs be sent to another system
running a syslog daemon?
You answered your own question. ;) Look at the 'action' field explanation
in the manual page for syslog.conf(5)
About the diskless machine, many of the
On Tue, May 11, 2010 at 4:56 PM, Lars Nooden lars.cura...@gmail.com wrote:
On Mon, 10 May 2010, Chris Smith wrote:
What about logging in this case? Can PF logs be sent to another system
running a syslog daemon?
You answered your own question. ;) Look at the 'action' field explanation
in
much for the help.
--
Cordialement,
Pierre BARDOU
-Message d'origine-
DeB : Aaron Mason [mailto:simplersolut...@gmail.com]
EnvoyC)B : mardi 11 mai 2010 14:01
CB : Lars Nooden
CcB : misc@openbsd.org
ObjetB : Re: Hardware for a PF box
On Tue, May 11, 2010 at 4:56 PM, Lars
bandwidth)
* 2x72 Gb SAS drives on raid1
* GENERIC.MP kernel
--
Cordialement,
Pierre BARDOU
-Message d'origine-
DeB : BARDOU Pierre
EnvoyC)B : mardi 11 mai 2010 15:40
CB : 'misc@openbsd.org'
ObjetB : RE: Hardware for a PF box
Hello,
I'll try to answer every suggestion
On Tue, 11 May 2010, BARDOU Pierre wrote:
... I don't think they come from PF BTW, it should be
logging/relayd/OpenVPN which makes the box lag.
Verify before you flush money. Tools like iostat, vmstat and pftop might
help show where the load is. Does the load you have from OpenVPN suggest
On Tue, May 11, 2010 at 2:56 AM, Lars Nooden lars.cura...@gmail.com wrote:
You answered your own question. ;) B Look at the 'action' field explanation
in the manual page for syslog.conf(5)
Maybe I'm missing something:
I can send normal syslog data to a remote logging server without
writing log
2010/5/11, Chris Smith obsd_m...@chrissmith.org:
Maybe I'm missing something:
You might want something like this:
# mkdir /var/log/rd ; chmod 700 /var/log/rd ; chown _pflogd:_pflogd
/var/log/rd
# echo 'pflogd_flags=-f /var/log/rd/pflog ' /etc/rc.conf.local
# echo 'swap /var/log/rd/ mfs
On Tue, 11 May 2010, Chris Smith wrote:
...http://www.openbsd.org/faq/pf/logging.html but the PF logs first have
to be written locally to a the pflog file.
Or you can pipe to logger(1) directly or go via a FIFO
/Lars
On Tue, 11 May 2010 12:43:17 -0400, Chris Smith wrote:
On Tue, May 11, 2010 at 2:56 AM, Lars Nooden lars.cura...@gmail.com wrote:
You answered your own question. ;) B Look at the 'action' field explanation
in the manual page for syslog.conf(5)
Maybe I'm missing something:
I can send normal
On May 11, 2010, at 17:18, Rod Whitworth glis...@witworx.com wrote:
On Tue, 11 May 2010 12:43:17 -0400, Chris Smith
I have tried to kill a CF for years. For more than a year it was
running spamd with the most verbose logging possible and lots of other
read/writes the system could live
Hello,
I'm going to buy hardware to create 4 PF/relayd/openVPN boxes (2 active, 2
passive).
I have an average of 500 new connections/s, 40k states and 40kpps in PF, 20
remote concurrent accesses on OpenVPN.
What CPU would you recommend between Intel and AMD ?
Since PF is mono threaded, I think
* BARDOU Pierre bardo...@mipih.fr [2010-05-10 17:27]:
Hello,
I'm going to buy hardware to create 4 PF/relayd/openVPN boxes (2 active, 2
passive).
I have an average of 500 new connections/s, 40k states and 40kpps in PF, 20
remote concurrent accesses on OpenVPN.
that's not much. a PIII @
On 2010-05-10, BARDOU Pierre bardo...@mipih.fr wrote:
I'm going to buy hardware to create 4 PF/relayd/openVPN boxes (2 active, 2
passive).
I have an average of 500 new connections/s, 40k states and 40kpps in PF, 20
remote concurrent accesses on OpenVPN.
What CPU would you recommend between
BARDOU Pierre bardo...@mipih.fr wrote on Mon, 10 May 2010 17:24:21
Subject: Hardware for a PF box
I'm going to buy hardware to create 4 PF/relayd/openVPN boxes
(2 active, 2 passive).
I have an average of 500 new connections/s,
40k states and 40kpps in PF, 20
remote concurrent accesses on OpenVPN
On Mon, May 10, 2010 at 1:57 PM, Geoff g...@oat.com wrote:
If there are local servers available, what about running
the firewalls as diskless machines?
What about logging in this case? Can PF logs be sent to another system
running a syslog daemon?
Chris
15 matches
Mail list logo
