Date:      Mon, 22 May 2006 16:09:51 +0200
From:      Albert Shih <shih@math.jussieu.fr>
To:        Iantcho Vassilev <ianchov@gmail.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: pflog
Message-ID:  <20060522140951.GA29183@math.jussieu.fr>
In-Reply-To: <18e02bd30605220659m10680b26hf1342958157e2f57@mail.gmail.com>
References:  <20060522131634.GW29183@math.jussieu.fr> <18e02bd30605220659m10680b26hf1342958157e2f57@mail.gmail.com>

On 22/05/2006 at 16:59:02+0300, Iantcho Vassilev wrote
> On 5/22/06, Albert Shih <shih@math.jussieu.fr> wrote:
> 
> When you write your rules, you put "log" in them.
> 
> 
> example:
> pass in quick log proto tcp from any to any keep state
> 
> 
> Then you have to have pflogd started (pflog_enable="YES" in /etc/rc.conf).
> 
> When pflog is started, your binary log is located at /var/log/pflog
> 
> You can read it with:
> tcpdump -n -t -r /var/log/pflog
> 
> If you want real time (because pflog is written with some delay):
> tcpdump -n -t -i pflog0

Thanks. But I know this. The problem is that with this method the log is
first written to the hard disk. And I don't want to do that (well, I don't
like it...)

I would prefer pflogd to log directly to a central server. Is that possible?

Regards.


--
Albert SHIH
Universite de Paris 7 (Denis DIDEROT)
U.F.R. de Mathematiques.
7 ième étage, plateau D, bureau 10
Heure local/Local time:
Mon May 22 16:08:02 CEST 2006
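
One way to do what is asked above, as an added example that is not part of the original thread: decode packets straight from pflog0 with tcpdump and hand each line to syslog, so nothing passes through /var/log/pflog. It assumes FreeBSD's logger(1), whose -h option sends to a remote host, that the pflog0 interface exists and is up, and the placeholder collector name loghost.example.org.

```shell
#!/bin/sh
# Added example: ship pf log records to a central syslog host without
# writing /var/log/pflog. tcpdump decodes packets directly from pflog0.
# Assumptions: FreeBSD logger(1) (-h = remote host); LOGHOST is a placeholder.
# Remote syslog is plain UDP: carry it over a management network or tunnel.

LOGHOST="${LOGHOST:-loghost.example.org}"   # placeholder collector name
PFLOG_IF="${PFLOG_IF:-pflog0}"

# Map one decoded line to a syslog priority: blocked packets are warnings.
pf_priority() {
    case "$1" in
        *" block "*) echo "local0.warning" ;;
        *)           echo "local0.info" ;;
    esac
}

# Read decoded lines on stdin and pass each one to the sender command given
# as arguments (normally logger). This starts one process per line: fine for
# rules that log sparingly, too slow if every pass rule carries "log".
pf_forward() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        "$@" -p "$(pf_priority "$line")" "$line"
    done
}

# Start the pipeline only when asked to, e.g.:  sh pf2syslog.sh run
# -e prints the pf rule number, action and interface; -l line-buffers output.
if [ "${1:-}" = "run" ]; then
    tcpdump -n -e -l -t -i "$PFLOG_IF" 2>/dev/null |
        pf_forward logger -h "$LOGHOST" -t pf
fi
```

The collector has to accept remote syslog messages and route facility local0 to a file of its own.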


