[nycbug-talk] pflog to remote server

Brad Schonhorst bschonhorst
Mon Aug 22 20:43:22 EDT 2005


> On Mon, 22 Aug 2005, Brad Schonhorst wrote:
>
>> So I've been playing around with a soekris net4801 and want it to send its
>> pflog data to a separate logging server.
>
> What do you have installed on the soekris?

A heavily modified version of flashdist.


>> The openbsd documentation
>> (http://www.openbsd.org/faq/pf/logging.html) seems to suggest using cron to
>> make the pflog into a text file and then ship that over to your log server.
>
> Why not syslog to a different machine?
> I have a Soekris running M0n0Wall and I send the syslog output to a
> FreeBSD machine. I did have to change a setting in the FreeBSD machine to
> accept connections though.

Hmm. That's what I had originally hoped to do but I wasn't sure how to do
that without losing realtime viewing. I ended up using the dup-to flag
(thanks Okan) to send blocked packets to my log server. The log server
has pf running and logs all incoming packets (the ones sent from the
gateway). I also opened up 514 UDP so I could send regular syslogs at it.

What does your syslog.conf file look like in order to send pflog to log
server?  Or did you change the log location in /etc/rc.conf to send pflog
over somehow?


-brad



