[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: watching pflog
On Wed, 2005-03-02 at 11:22:15 +1300, Russell Fulton proclaimed...
> I want to monitor the output from pflog in more or less real time. It
> isn't clear to me what is the best (read simplest ;) way to do this.
> What I really want is a version of tcpdump that will effectively do a
> tail -f on /var/log/pf. Ideally it would cope with logfile rollovers
What was wrong with watching the pflog interface?
Actually, you bring up an interesting idea; multiple interfaces for logging.
Is there any possibility that a far-off-wish-list couple include the ability
to route packets from a pflog device onto the wire and then monitor that
traffic? Say on a monitor network or something like that. It'd be helpful
for those of us who are looking at clusters and several firewalls :)