Hello guys, I implemented this config: http://home.nuug.no/~peter/pf/newest/log2syslog.html
in order to stream pf logs to a remote machine. If I add the command: sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t pf -p local2.info & to the /etc/rc.local file and reboot the box, it works for the boot time but then tcpdump process disappear (I'm sure the file is processed because previous commands are committed successfully), like something kills the process. Just for test I move the command from /etc/rc.local to /etc/rc: tcpdump still works perfectly, also after boot time, for every reboot. What are differences between rc.local and rc executions? Could you please help me to understand? It's not a problem for me remove the command from rc.local and put it in rc file but I'm curious to find the reason. On this platform (OpenBSD 5.6 amd64 on PcEngines APU) rc.local is invoked like this: [ -f /etc/rc.local ] && sh /etc/rc.local Thank you for any tip. -f
