pf logs are stored in tcpdump format, so you can parse them with tcpdump before dumping them into your analysis DBs.
On Fri, 7 Aug 2020 at 11:36, Carlos Lopez <clo...@outlook.com> wrote:
> Hi all,
>
> I am thinking about what the best option could be to inject PF logs into
> Elasticsearch (or any similar platform). If I am not wrong, some years ago
> there was an option using a shell wrapper to store all pf logs in ASCII
> format and redirect all of them to a central syslog server (published in the PF
> FAQ). More or less it is what I am looking for.
>
> But maybe there is another, better option nowadays. Any ideas? Tips?
>
> Regards,
> C. L. Martinez

--
Kindest regards,
Tom Smyth.
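The shell-wrapper approach discussed in this thread, as an added example that is not from either poster: `pflog_to_kv` turns lines of `tcpdump -n -e -ttt` pflog output into key=value records, and `pflog_forward` pipes a live `pflog0` capture through it into syslog with `logger`. The function names, the `local0.info` priority and the sample log line are my assumptions, and the sample line is constructed after the format shown in the PF FAQ.

```shell
#!/bin/sh
# pflog_to_kv: read "tcpdump -n -e -ttt" pflog lines on stdin, write one
# key=value record per packet on stdout (easy to ship to syslog/Elasticsearch).
# Constructed sample input (PF FAQ style; not real traffic):
#   Sep 18 15:50:11.688301 rule 0/(match) block in on fxp0: 10.1.2.3.58033 > 10.1.2.1.22: S ...
pflog_to_kv() {
  awk '
    # Split "addr.port" as tcpdump prints it; 5 dotted parts = IPv4 with port,
    # an IPv6 literal with a port has exactly one dot. Otherwise there is no port.
    function hostport(hp, out,   n, a, port) {
      n = split(hp, a, ".")
      if (n == 5 || (hp ~ /:/ && n == 2)) {
        port = a[n]; out["port"] = port
        out["addr"] = substr(hp, 1, length(hp) - length(port) - 1)
      } else { out["addr"] = hp; out["port"] = "-" }
    }
    /rule [0-9]+\// {
      rule = ""; action = ""; dir = ""; ifc = ""; src = ""; dst = ""
      for (i = 4; i <= NF; i++) {
        if ($i == "rule") { split($(i+1), r, "/"); rule = r[1] }
        # "... block in on fxp0:" -> action, direction, interface
        if ($i == "on")   { action = $(i-2); dir = $(i-1); ifc = $(i+1); sub(/:$/, "", ifc) }
        if ($i == ">")    { src = $(i-1); dst = $(i+1); sub(/:$/, "", dst); break }
      }
      hostport(src, s); hostport(dst, d)
      printf "ts=%s %s %s action=%s dir=%s if=%s rule=%s src=%s sport=%s dst=%s dport=%s\n",
        $1, $2, $3, action, dir, ifc, rule, s["addr"], s["port"], d["addr"], d["port"]
    }'
}

# pflog_forward: live capture from the pflog interface (default pflog0), line
# buffered (-l) so records reach syslog as they arrive; local0.info is assumed.
pflog_forward() {
  tcpdump -l -n -e -ttt -i "${1:-pflog0}" | pflog_to_kv | logger -t pflog -p local0.info
}

# Usage: sh pflog_wrapper.sh forward [pflog0]
if [ "${1:-}" = "forward" ]; then pflog_forward "${2:-pflog0}"; fi
```

Point the central syslog server's `local0` facility at your Elasticsearch shipper and the records arrive already tokenised.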