
Re: pf-log with syslog

On Fri, Feb 08, 2002 at 03:56:37PM +0100, Arvid Grøtting wrote:
> You could set up a process to do something like
>     tcpdump -i pflog0 -e -n -v | logger -t pf

This probably isn't very sane.

Tcpdump has a history of security problems; you may not
want to depend on it decoding packets in real time running as root.

It's probably better to move the log files of the firewall at
rotation time and analyze them on a separate machine with tcpdump
or snort running as an unprivileged user.

Matt Sauve-Frankel		Philosophie Bleue | http://philosophiebleue.com
Network Administrator				  | http://pblue.com
--  An idea is not responsible for the people who believe in it
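The rotate-then-analyze-offline approach recommended above, as an added example that is not from the thread: the script moves the pflog capture aside under a timestamped name with a checksum, so the copy can be shipped to another host and read there with `tcpdump -r`, which needs no raw socket and so no root. The pflog path, archive directory and the `pkill -HUP -x pflogd` reopen step are assumptions, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: pflogd writes
# its pcap file to PFLOG_FILE, and the analysis host has tcpdump usable by
# a non-root account.
PFLOG_FILE="${PFLOG_FILE:-/var/log/pflog}"
ARCHIVE_DIR="${ARCHIVE_DIR:-/var/log/pflog-archive}"

# checksum_file FILE: print "<sha256 hex>  <file>" with whatever tool exists.
checksum_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# rotate_pflog SRC DESTDIR: move SRC into DESTDIR under a timestamped name,
# write a checksum beside it so the copy can be verified after transfer,
# and print the archived path. Returns 1 when SRC does not exist, so a
# cron job notices that pflogd is not actually logging.
rotate_pflog() {
    src=$1
    dest=$2
    [ -f "$src" ] || return 1
    mkdir -p "$dest"
    chmod 700 "$dest"
    # Timestamp plus PID avoids clobbering if two rotations run in one second.
    out="$dest/pflog.$(date -u +%Y%m%dT%H%M%SZ).$$"
    mv "$src" "$out"
    checksum_file "$out" > "$out.sha256"
    printf '%s\n' "$out"
}

# reopen_pflogd: ask pflogd to close the moved-away file and start a fresh
# one (assumed behaviour on SIGHUP). Harmless when no pflogd is running.
reopen_pflogd() {
    pkill -HUP -x pflogd 2>/dev/null || true
}

# analyze_offline FILE: decode an archived capture as an unprivileged user.
# Reading a saved pcap needs no capture privileges, which is the point of
# keeping tcpdump's decoder off the root-owned realtime path.
analyze_offline() {
    tcpdump -n -e -v -r "$1"
}
```

Run `rotate_pflog "$PFLOG_FILE" "$ARCHIVE_DIR" && reopen_pflogd` from the rotation job on the firewall, then copy the archive directory to the analysis host and call `analyze_offline` there.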