[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pflog

To: misc_(_at_)_openbsd_(_dot_)_com
Subject: Re: pflog
From: "James J. Lippard" <lippard_(_at_)_discord_(_dot_)_org>
Date: Sat, 22 Dec 2001 10:55:19 -0700

Thanks for the FAQ reference and the suggestion to use

   tcpdump -ttt -e -i pflog0

but those don't answer the question I asked.

I suppose I could start up a

   tcpdump -ttt -e -i pflog0 >ascii-log

and run swatch on that, but that seems pretty inefficient, as well
as risks the potential security problems with tcpdump.  What would
be ideal would be an ascii logfile option to pflogd.

On Sat, Dec 22, 2001 at 11:27:05AM -0600, Jon Trembley wrote:
> Have you read the FAQ? http://www.openbsd.org/faq/faq6.html#6.2
> It talks about monitoring the pflog files.
> 
> --
> Jon
> 
> On Fri, Dec 21, 2001 at 09:06:25PM -0700, James J. Lippard wrote:
> > Has anybody built any tools for monitoring pf logs in realtime?
> > I used to use something like swatch with ipflogs, but the tcpdump
> > binary format is not easily conducive to such monitoring.
> > 
> > -- 
> > Jim Lippard        lippard_(_at_)_discord_(_dot_)_org       http://www.discord.org/
> > GPG Key ID: 0xF8D42CFE
> 
> -- 
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)

-- 
Jim Lippard        lippard_(_at_)_discord_(_dot_)_org       http://www.discord.org/
GPG Key ID: 0xF8D42CFE

References:
- pflog
  - From: James J. Lippard

Prev by Date: Re: international OBSD - locales and other such stuff?
Next by Date: Re: bdb3
Previous by thread: pflog
Next by thread: Re: pflog
Index(es):
- Date
- Thread

Visit your host, monkey.org