> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> James Mackinnon
> Sent: Tuesday, September 20, 2005 9:43 AM
> To: misc@openbsd.org
> Subject: PFLogging to Syslog
>
> Good day everyone
>
> I have 20+ OpenBSD firewalls set up across Canada and I wanted to bring
> the logs to a central server so I can make them web enabled so I can
> view them in a web app
>
> In the past, I used checkpoint, I like pf much better but the logging
> system to checkpoint was nice
>
> I have followed the PF: Logging section in the manual, but I find not
> everything that is going in pflog.txt is coming over to @syslogger
>
> Is there a better technique I should be using for 20+ firewalls logging
> to a central server and then what web app would you recommend so I could
> look at the logs in some type of non-console view
>
> Any suggestions and recommendations would be great as I would like to get
> this right the first time:)
>
> Thanks
>
> James

Syslog uses best-effort UDP, so all log entries are not guaranteed to get to the central server. There are other syslog servers that offer better guarantees, and you may also want to use encryption and something to thwart traffic analysis. Take a look at syslog-ng, although I cannot tell you how it performs. I have just heard people mention it in this situation.
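
To measure how much is being lost between a firewall's pflog.txt and the central server, the two can be reconciled line by line. The following is an added example, not part of either message in this thread; it assumes the central server stores each entry as a syslog header followed by the tag `pf:` and the unchanged pflog.txt line, and the host names and log lines are constructed samples.

```python
import re
from collections import Counter

# Assumed central-server layout: "<Mon DD HH:MM:SS> <host> pf: <pflog.txt line>"
SYSLOG_HDR = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (?P<host>\S+) pf: (?P<body>.*)$"
)

def received_by_host(central_lines):
    """Group the message bodies seen on the central server by sending host."""
    seen = {}
    for line in central_lines:
        m = SYSLOG_HDR.match(line.rstrip("\n"))
        if m:
            seen.setdefault(m["host"], Counter())[m["body"]] += 1
    return seen

def missing_entries(host, local_lines, central_lines):
    """Return (lost_lines, loss_ratio) for one firewall.

    Counters are multisets, so two identical local lines with only one
    copy received still count as one lost entry.
    """
    local = Counter(l.rstrip("\n") for l in local_lines if l.strip())
    got = received_by_host(central_lines).get(host, Counter())
    lost = local - got
    total = sum(local.values())
    ratio = sum(lost.values()) / total if total else 0.0
    return sorted(lost.elements()), ratio

# Constructed sample data (not real traffic).
A = "Sep 20 09:42:58.104211 rule 2/(match) block in on fxp0: 192.0.2.10.4321 > 198.51.100.5.22: S"
B = "Sep 20 09:42:59.300187 rule 2/(match) block in on fxp0: 192.0.2.11.5555 > 198.51.100.5.23: S"
C = "Sep 20 09:43:00.910442 rule 0/(match) pass out on fxp0: 198.51.100.5.1024 > 203.0.113.7.53: udp"
LOCAL_FW01 = [A, B, B, C]          # what fw01 wrote to pflog.txt
CENTRAL = [                        # what the log host actually stored
    "Sep 20 09:43:01 fw01 pf: " + A,
    "Sep 20 09:43:01 fw01 pf: " + B,
    "Sep 20 09:43:02 fw02 pf: " + C,   # same body, different sender
]

if __name__ == "__main__":
    lost, ratio = missing_entries("fw01", LOCAL_FW01, CENTRAL)
    print(f"fw01 lost {len(lost)} entries ({ratio:.0%})")
    for line in lost:
        print("  missing:", line)
```

Run against real files, a loss ratio that stays above zero after switching transports points at something other than UDP drops, such as the forwarding job on the firewall.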