PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015
You can log to syslog, local or remote
NOTE: potential for huge amounts of data
Disable local pflog via rc.conf.local:
    pflogd_flags="-f /dev/null"
Define log in syslog.conf:
    local2.info @loghost.example.com
Start it all (or put in rc.local):
    $ sudo nohup tcpdump -lnettti pflog0 | logger -t pf -p local2.info &
Note: may need absolute paths depending on environment
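Because this setup can produce a lot of data, a summary on the log host helps with triage. The following is an added example, not part of the original slides: a shell function (hypothetical name pf_block_summary) that counts blocked packets per source address from the pf-tagged syslog lines. The line layout it parses and the sample lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: summarise "block" entries from pf-tagged syslog lines.
# Assumed line shape (tcpdump -e output on pflog0, forwarded by logger -t pf):
#   ... pf: <timestamp> rule N/(match) block in on IFACE: SRC.PORT > DST.PORT: ...

pf_block_summary() {
    awk '
    {
        # Locate the "rule" token so the length of the syslog prefix is irrelevant.
        for (i = 1; i + 8 <= NF; i++) {
            if ($i == "rule" && $(i + 2) == "block" && $(i + 4) == "on" && $(i + 7) == ">") {
                src = $(i + 6)
                if (index(src, ":") > 0) {
                    sub(/\.[0-9]+$/, "", src)      # IPv6: drop trailing .port if present
                } else if (split(src, parts, /\./) == 5) {
                    sub(/\.[0-9]+$/, "", src)      # IPv4 with port: drop the port
                }
                count[src]++
                break
            }
        }
    }
    END { for (s in count) print count[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE='Jun 10 10:00:01 gw pf: Jun 10 10:00:01.104211 rule 2/(match) block in on em0: 203.0.113.7.51234 > 192.0.2.10.22: S 1:1(0) win 16384
Jun 10 10:00:02 gw pf: Jun 10 10:00:02.310877 rule 2/(match) block in on em0: 203.0.113.7.51240 > 192.0.2.10.23: S 1:1(0) win 16384
Jun 10 10:00:03 gw pf: Jun 10 10:00:03.000412 rule 5/(match) pass in on em0: 198.51.100.4.40000 > 192.0.2.10.443: S 1:1(0) win 16384
Jun 10 10:00:04 gw pf: Jun 10 10:00:04.551900 rule 2/(match) block in on em0: 198.51.100.9 > 192.0.2.10: icmp: echo request
Jun 10 10:00:05 gw pf: Jun 10 10:00:05.000001 rule 2/(match) block in on em0: 2001:db8::5.40001 > 2001:db8::10.22: S 1:1(0) win 16384'

# Print "count source" pairs, busiest source first.
printf '%s\n' "$SAMPLE" | pf_block_summary
```

On the log host, feed it the file that receives local2.info messages instead of the sample variable.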