Contributed by jose on from the exportable-transport-logs dept.
(Comments are closed)
OpenBSD Journal
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Anonymous () on
And in fact you can always analyse them with:
tcpdump -n -e -ttt -r /var/log/pflog | /path/to/your/analyzer
Comments
By Again me () on
(tcpdump -ettni pflog0 | logger -t pflog) &
By David JObes () djobes@xscanners.org on http://www.xscanners.org
By jose () on http://monkey.org/~jose/
I have been working on pfexport, a tool to export the pflog data in binary format to a remote reader. It's almost prime time, but has a sticky bug which prevents it from working. The basic premise is like Cisco's NetFlow: you specify a timeout to kick records out ... i.e. every second, every 30 seconds, whatever, using UDP packets.
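The two mechanisms discussed in this thread, reading records back out of the pcap-format /var/log/pflog and shipping them to a remote collector on a NetFlow-style flush timer, are shown below in one added example. This is illustration code written for this page, not jose's pfexport and not anything from OpenBSD. It assumes the little-endian pcap file layout with link type DLT_PFLOG (117), the 64-byte OpenBSD pfloghdr of that era (length, af, action, reason, ifname[16], ruleset[16], rulenr, subrulenr, uid, pid, rule_uid, rule_pid, dir, pad[3]) with its 32-bit fields in network byte order, and an export datagram format (magic PFX1) invented here; the sample capture is constructed inline.

```python
"""Added example (not from the undeadly thread or jose's pfexport): parse
pflog records out of a pcap capture and batch them for a NetFlow-style
timed UDP export. Header layouts and the PFX1 datagram format are
assumptions, documented in the lead-in."""
import socket
import struct
import time

DLT_PFLOG = 117          # libpcap link type for pflog (assumed)
PFLOG_HDRLEN = 64        # assumed pfloghdr size
PCAP_MAGIC = 0xa1b2c3d4  # little-endian pcap magic
AF_INET = 2
PFLOG_FMT = ">BBBB16s16s6IB3x"   # assumed pfloghdr layout, 64 bytes
PF_ACTION = {0: "pass", 1: "block"}   # PF_PASS, PF_DROP
PF_DIR = {1: "in", 2: "out"}          # PF_IN, PF_OUT


def read_pcap(data):
    """Yield (ts_sec, frame) for every record of a little-endian pcap blob."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def parse_pflog_record(frame):
    """Decode one pflog frame: assumed pfloghdr followed by the IP packet."""
    if len(frame) < PFLOG_HDRLEN:
        raise ValueError("short pflog frame")
    (_, af, action, _, ifname, _, rulenr,
     _, _, _, _, _, direction) = struct.unpack(PFLOG_FMT, frame[:PFLOG_HDRLEN])
    rec = {"ifname": ifname.rstrip(b"\0").decode(), "action": action,
           "action_name": PF_ACTION.get(action, str(action)), "dir": direction,
           "dir_name": PF_DIR.get(direction, str(direction)), "rulenr": rulenr,
           "proto": 0, "src": "0.0.0.0", "dst": "0.0.0.0"}
    ip = frame[PFLOG_HDRLEN:]
    if af == AF_INET and len(ip) >= 20:       # only IPv4 is decoded here
        rec["proto"] = ip[9]
        rec["src"] = socket.inet_ntoa(ip[12:16])
        rec["dst"] = socket.inet_ntoa(ip[16:20])
    return rec


EXPORT_MAGIC = b"PFX1"                 # invented export format
EXPORT_REC = ">I16sBBBI4s4s"           # ts, ifname, action, dir, proto, rulenr, src, dst


class PflogExporter:
    """Buffer records and ship them as one datagram when the flush timeout
    elapses (the NetFlow-style interval) or the buffer fills. `send` is any
    callable taking bytes, e.g. functools.partial(sock.sendto, ...)."""

    def __init__(self, send, timeout=1.0, max_records=100, clock=time.monotonic):
        self.send, self.timeout, self.max_records, self.clock = send, timeout, max_records, clock
        self.pending = []
        self.last_flush = clock()

    def add(self, ts_sec, rec):
        """Queue one record; returns the number of records flushed (0 if none)."""
        self.pending.append(struct.pack(
            EXPORT_REC, ts_sec, rec["ifname"].encode().ljust(16, b"\0"),
            rec["action"], rec["dir"], rec["proto"], rec["rulenr"],
            socket.inet_aton(rec["src"]), socket.inet_aton(rec["dst"])))
        if len(self.pending) >= self.max_records or self.clock() - self.last_flush >= self.timeout:
            return self.flush()
        return 0

    def flush(self):
        """Send everything pending as one datagram; returns the record count."""
        n = len(self.pending)
        if n:
            self.send(EXPORT_MAGIC + struct.pack(">H", n) + b"".join(self.pending))
            self.pending = []
        self.last_flush = self.clock()
        return n


def decode_export(datagram):
    """Collector side: unpack a PFX1 datagram produced by PflogExporter."""
    if datagram[:4] != EXPORT_MAGIC:
        raise ValueError("bad export magic")
    (n,) = struct.unpack(">H", datagram[4:6])
    size, out = struct.calcsize(EXPORT_REC), []
    for i in range(n):
        ts, ifname, action, d, proto, rulenr, src, dst = struct.unpack(
            EXPORT_REC, datagram[6 + i * size:6 + (i + 1) * size])
        out.append({"ts": ts, "ifname": ifname.rstrip(b"\0").decode(),
                    "action_name": PF_ACTION.get(action, str(action)),
                    "dir_name": PF_DIR.get(d, str(d)), "proto": proto, "rulenr": rulenr,
                    "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)})
    return out


def build_sample_pcap():
    """Constructed input: a blocked inbound TCP packet and a passed outbound UDP packet."""
    def frame(action, direction, rulenr, proto, src, dst):
        hdr = struct.pack(PFLOG_FMT, PFLOG_HDRLEN, AF_INET, action, 0, b"em0", b"",
                          rulenr, 0, 0xffffffff, 0, 0xffffffff, 0, direction)
        ip = (bytes([0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, proto, 0, 0])
              + socket.inet_aton(src) + socket.inet_aton(dst) + b"\0" * 20)
        return hdr + ip
    frames = [(1000, frame(1, 1, 7, 6, "203.0.113.7", "192.0.2.10")),
              (1001, frame(0, 2, 3, 17, "192.0.2.10", "198.51.100.5"))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_PFLOG)
    for ts, f in frames:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out


def export_file(data, send, timeout=1.0, clock=time.monotonic):
    """Parse a pflog pcap blob and export every record; returns records sent."""
    exporter = PflogExporter(send, timeout=timeout, clock=clock)
    sent = sum(exporter.add(ts, parse_pflog_record(f)) for ts, f in read_pcap(data))
    return sent + exporter.flush()


if __name__ == "__main__":
    sent = export_file(build_sample_pcap(), lambda d: print(decode_export(d)))
    print("exported", sent, "records")
```

The timeout here is only checked when a record arrives, plus a final flush at end of file; a long-running exporter reading pflog0 would instead flush from a select or timer loop so that a quiet interface still gets its records out on schedule.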
By hno () on http://www.familiehein.net/
By djm () on
By Jarkko Turkulainen () on
OK, this doesn't mean that my method is more secure, but I hope it will if more people look at it and review the code.
By Anonymous Coward () on