Date:      Mon, 22 May 2006 10:14:58 -0400
From:      "Andy Greenwood" <greenwood.andy@gmail.com>
To:        shih@math.jussieu.fr
Cc:        Iantcho Vassilev <ianchov@gmail.com>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: pflog
Message-ID:  <3ee9ca710605220714o7e333454qd3aae4e0a546765d@mail.gmail.com>
In-Reply-To: <20060522140951.GA29183@math.jussieu.fr>
References:  <20060522131634.GW29183@math.jussieu.fr> <18e02bd30605220659m10680b26hf1342958157e2f57@mail.gmail.com> <20060522140951.GA29183@math.jussieu.fr>

This is discussed in the OpenBSD pf page

http://www.openbsd.org/faq/pf/logging.html#syslog

On 5/22/06, Albert Shih <shih@math.jussieu.fr> wrote:
> On 22/05/2006 at 16:59:02+0300, Iantcho Vassilev wrote
> > On 5/22/06, Albert Shih <shih@math.jussieu.fr> wrote:
> >
> > When you write your rules, you put "log" in them.
> >
> >
> > example:
> > pass in quick log proto tcp from any to any keep state
> >
> >
> > then you have to have pflogd started (pflog_enable="YES" in /etc/rc.conf).
> >
> > When pflog is started your binary log is located on /var/log/pflog
> >
> > you can read it with:
> > tcpdump -n -t -r /var/log/pflog
> >
> > if you want real time (because pflog is where is written with some delay)
> > tcpdump -n -t -i pflog0
>
> Thanks. But I know this thing. The problem is that with this method the log is
> first written on the hard-disk. And I don't want to do that (well I don't
> like...)
>
> I prefer that pflogd log directly to a central server. Is it possible?
>
> Regards.
>
>
> --
> Albert SHIH
> Universite de Paris 7 (Denis DIDEROT)
> U.F.R. de Mathematiques.
> 7 ième étage, plateau D, bureau 10
> Heure local/Local time:
> Mon May 22 16:08:02 CEST 2006
>
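
One way to get pf log records into syslog without reading /var/log/pflog, as an added example that is not part of the original messages: decode pflog0 live with tcpdump and hand each line to logger, then let syslogd forward the facility to a central host. The facility `local0.info`, the tag `pf` and the host name `loghost.example` are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): stream pf log records from the pflog0
# interface into syslog instead of reading the binary file /var/log/pflog.
# Assumptions: facility local0.info and tag "pf" are placeholders.

PF_IF="pflog0"             # pf logging interface named in the thread
PF_FACILITY="local0.info"  # assumed syslog facility.priority
PF_TAG="pf"                # assumed syslog tag

# Print the syslog.conf line that forwards the chosen facility to a remote
# syslogd ("@host" is syslog.conf's remote-forwarding action).
syslog_forward_rule() {
    printf '%s\t@%s\n' "$PF_FACILITY" "$1"
}

# Decode packets live from the pflog interface, one text line per packet.
# -l line-buffers stdout so each record reaches the pipe immediately,
# -n skips name resolution, -e prints the pf rule/action header,
# -t drops tcpdump's timestamp because syslog adds its own.
pf_text_stream() {
    tcpdump -l -n -e -t -i "$PF_IF"
}

# Hand each text line on stdin to syslog under the chosen tag and facility.
to_syslog() {
    logger -t "$PF_TAG" -p "$PF_FACILITY"
}

# Run the pipeline only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "run" ]; then
    pf_text_stream | to_syslog
fi
```

The line printed by `syslog_forward_rule loghost.example` goes into /etc/syslog.conf on the firewall. Syslog forwarding of this kind is unauthenticated cleartext UDP, so keep it on a trusted management network.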


