Re: watching pflog

On Wed, 2005-03-02 at 11:22:15 +1300, Russell Fulton proclaimed...
> 	I want to monitor the output from pflog in more or less real time.  It
> isn't clear to me what is the best (read simplest ;) way to do this.
> What I really want is a version of tcpdump that will effectively do a
> tail -f on /var/log/pf.  Ideally it would cope with logfile rollovers
> too.
Hey Russell,
What was wrong with watching the pflog interface?
Actually, you bring up an interesting idea; multiple interfaces for logging.
Is there any possibility that a far-off-wish-list could include the ability
to route packets from a pflog device onto the wire and then monitor that
traffic? Say on a monitor network or something like that. It'd be helpful
for those of us who are looking at clusters and several firewalls :)