[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

realtime and sychronized logging using tcpdump piped to logger

To: ports_(_at_)_openbsd_(_dot_)_org
Subject: realtime and sychronized logging using tcpdump piped to logger
From: "Allan P. Magmanlac" <allan_(_dot_)_magmanlac_(_at_)_nrns_(_dot_)_ca>
Date: Wed, 21 Apr 2004 12:23:07 -0400

Hello, My openbsd 3.4 is configured to use packet filter (PF). As we know, pflogd writes to logs to /var/log/pflog in binary format. Although, we can run tcpdump to see the logs in realtime (# tcpdump -n -e -ttt -i pflog0), I would just prefer to use sylogd to write the logs in ascii format.

Part of what I have in syslog.cnf file
#for pflog in ascii format
local0.info                                             /var/log/pflog.txt

Now when I run:

#tcpdump -n -e -ttt -i pflog0 | logger -t pf -p local0.info

and telnet for instance to the box (which I block), plogd logs it fine in /var/log/pflog in binary format. But when look at /var/log/pflog.txt, the logs are not written to it.

The reason why I would like to have ascii log format is so that I do not have to run tcpdump -n -e -ttt -i pflog0 to see the current logs all the time and just look at the updated /var/log/pflog.txt whenever I need to.

Anybody has an idea on how to get this working.

Thanks.

Prev by Date: Re: Massive problems with mod dav
Next by Date: NEW: sec - simple event correlator
Previous by thread: Re: Massive problems with mod dav
Next by thread: NEW: sec - simple event correlator
Index(es):
- Date
- Thread

Visit your host, monkey.org