[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: changing log files to ascii

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: changing log files to ascii
From: Matt Provost <mprovost_(_at_)_termcap_(_dot_)_net>
Date: Thu, 29 Apr 2004 09:53:32 -0700
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Apr 28 05:05 PM, Jim Mays wrote:
> I have recently had a computer hard drive failure that forced me to loose
> much of my old saved emails, so I hate to ask that this be repeated, but can
> someone either send me instructions for how to change my log files to ascii
> or tell me how to find the archives for this list.  All I know so far is
> that I have a /etc/pflogrotate file that is shown below.  I know there is
> more to it, but I don't have notes on what else was required.
> 
> Cheers,
> Jim
> 
> FILE=/home/pflogger/pflog5min.$(date "+%Y%m%d%H%M")
> kill -ALRM $(cat /var/run/pflogd.pid)
> if [ $(ls -l /var/log/pflog | cut -d " " -f 8) -gt 24 ]; then
>    mv /var/log/pflog $FILE
>    chown pflogger $FILE
>    kill -HUP $(cat /var/run/pflogd.pid)
> fi

PF logs created by pflogd are binary tcpdump logs:
# file /var/log/pflog
/var/log/pflog: tcpdump capture file (little-endian) - version 2.4,
capture length 116)

Follow the examples in `man 8 pflogd` to convert them into something
human readable, also check out `man 8 tcpdump`.

The basic example is:
# tcpdump -n -e -ttt -r /var/log/pflog

Matt

Prev by Date: Re: 11G on OpenBSD, when?
Next by Date: Greylisting with roaming users.
Previous by thread: Re: changing log files to ascii
Next by thread: IEEE 802.3 frames & OpenBSD
Index(es):
- Date
- Thread

Visit your host, monkey.org