[nycbug-talk] pflog to remote server
Brad Schonhorst
bschonhorst
Mon Aug 22 20:43:22 EDT 2005
> On Mon, 22 Aug 2005, Brad Schonhorst wrote:
>
>> So I've been playing around with a soekris net4801 and want it to send its
>> pflog data to a separate logging server.
>
> What do you have installed on the soekris?
A heavily modified version of flashdist.
>> The openbsd documentation
>> (http://www.openbsd.org/faq/pf/logging.html) seems to suggest using cron to
>> make the pflog into a text file and then ship that over to your log server.
>
> Why not syslog to a different machine?
> I have a Soekris running M0n0Wall and I send the syslog output to a
> FreeBSD machine. I did have to change a setting in the FreeBSD machine to
> accept connections though.
Hmm. That's what I had originally hoped to do but I wasn't sure how to do
that without losing realtime viewing. I ended up using the dup-to flag
(thanks Okan) to send blocked packets to my log server. The log server
has pf running and logs all incoming packets (the ones sent from the
gateway). I also opened up 514 UDP so I could send regular syslogs at it.
What does your syslog.conf file look like in order to send pflog to the log
server? Or did you change the log location in /etc/rc.conf to send pflog
over somehow?
-brad