Hello everyone,
I would like to put a little order into the information logged by pf(4).
So, I have tried two things:
1. I have added some "(to pflog<n>)" after "log" in the pf(4) rules, like here:
Code:
pass log (to pflog2) quick on $ext_if proto tcp from $ssh_authorized_ip to $ext_if port ssh
Problem is, this information is sent to a pflog(4) device. I would like to have it written to some log file.
So, I have added this line in /etc/syslog.conf:
Code:
local2.* /var/log/pflog2.log
(and touched /var/log/pflog2.log).
Restarted syslogd(8), reloaded pf(4) rules.
And tried this:
Code:
tcpdump -n -tttti pflog2 | logger -p local2.info &
in order to have the logs written to /var/log/pflog2.log. But this file remains empty. When I stop the tcpdump(1) process, it shows a short summary about packets:
Code:
1 packet captured
1 packet received by filter
0 packets dropped by kernel
2. I have added labels at the end of the rules, like here:
Code:
pass log quick on $ext_if proto tcp from $ssh_authorized_ip to $ext_if port ssh label "ssh"
But the labels do not seem to be recorded in /var/log/pflog, or at least I can't find the tcpdump(1) option to display these labels. (I thought the different information could be logged into the same file, but thanks to the labels, it would be possible to grep only some lines?)
So, what should I do to put some order into the information logged by pf(4)? Am I completely wrong trying to use one of these 2 solutions above? How/what do you do?
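One way to sort pflog(4) output by pf action and rule number before it reaches syslogd(8), as an added example that is not part of the original post: the facility names, the "rule N/(match)" parsing and the sample lines are assumptions, and the sample lines are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the post above). Reads the lines that
# "tcpdump -l -n -e -ttt -i pflog0" prints for a pflog(4) interface and
# hands each one to logger(1) with a facility.priority chosen by the pf
# action, so a syslog.conf line such as "local2.* /var/log/pf-pass.log"
# can separate passes from blocks.
# Two points the post runs into:
#  - tcpdump fully buffers stdout when it writes to a pipe, so without -l
#    nothing reaches logger until tcpdump exits (the file looks empty).
#  - the pflog(4) header carries the rule number and action, not the
#    rule label; -e prints that header, so sort on the rule number.

# Constructed sample lines in the shape tcpdump -e prints for pflog.
SAMPLE_BLOCK='00:00:00.000123 rule 4/(match) block in on em0: 203.0.113.9.40000 > 198.51.100.2.23: Flags [S], seq 1, win 65535, length 0'
SAMPLE_PASS='00:00:00.000456 rule 7/(match) pass in on em0: 203.0.113.5.51234 > 198.51.100.2.22: Flags [S], seq 1, win 65535, length 0'

# Map one tcpdump pflog line to "facility.priority" (assumed mapping).
pf_priority() {
  case "$1" in
    *" block "*) echo "local3.warning" ;;
    *" pass "*)  echo "local2.info" ;;
    *)           echo "local2.notice" ;;
  esac
}

# Extract N from "rule N/(match)" (also matches FreeBSD's "rule N/0(match)").
# Prints nothing when the line carries no rule header.
pf_rule() {
  printf '%s\n' "$1" | sed -n 's/.*rule \([0-9][0-9]*\)\/.*/\1/p'
}

# Read lines on stdin and forward each one to syslog, tagged with the
# rule number so the resulting log file can be grepped per rule.
pf_route() {
  while IFS= read -r line; do
    logger -t "pf[rule=$(pf_rule "$line")]" -p "$(pf_priority "$line")" -- "$line"
  done
}

# Live use on a host with pf (uncomment; needs root for the capture):
# tcpdump -l -n -e -ttt -i pflog0 | pf_route &
```

Each pass/block class then lands in its own file through syslog.conf, and the "pf[rule=N]" tag lets you grep one rule's lines out of it.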