Hello, World!

I would like to have the pf logs of my gateway available on another machine to not have to work on them on the gateway itself. At this point, I'm just trying to find a reasonable solution. Here are my thoughts:
* The solution proposed in the FAQ [1] has a few annoying problems (at least for me :). One of them is that logs in text format take a lot more room than the ones in tcpdump files.
* I also had a look at the (old) articles of Jacek Artymiak on the subject [2]. I've tested it and it seems quite clever. However, I had two problems with that solution: the network between the gateway and the host where I want to have my logs is not perfectly reliable, as is the case for the host where I want to keep my logs (an OpenBSD virtual machine on a win platform). The chance to lose logs is too high. It would be different if I had a dedicated machine for that purpose, directly connected to a dedicated interface of the gateway.
* Then, I read an old post in the ML archives [3] about using cron and scp for that purpose. I thought a bit about that and came up with this solution: modify newsyslog.conf to execute a script that scps the logs to the remote host and gracefully falls back in case of (link) failure.

Any comment? Did I miss a simpler / more clever way to do that?

Thanks for your reply,

-AJ

[1] http://www.openbsd.org/faq/pf/logging.html#syslog
[2] http://www.onlamp.com/pub/a/bsd/2002/06/20/openbsd.html
[3] http://www.monkey.org/openbsd/archive/misc/0204/msg00737.html
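The idea in the last bullet (copy rotated logs with scp, and keep them locally when the link or the log host is down) as an added example that is not part of the original post. The spool directory, the remote destination and the function names are assumptions; how the script is hooked into newsyslog.conf or cron is left to the local setup.

```shell
#!/bin/sh
# Added example: spool-and-forward for rotated pflog files.
# Assumed (hypothetical) names: SPOOL, REMOTE, ship_cmd, spool_log, flush_spool.
umask 077   # pf logs describe network traffic; keep spooled copies private

SPOOL="${SPOOL:-/var/spool/pflog-ship}"
REMOTE="${REMOTE:-loguser@loghost.example:/var/log/pf-archive/}"

# Default transfer: batch-mode scp (never prompts) that fails fast on a dead link.
ship_cmd() {
    scp -q -B -o ConnectTimeout=10 "$1" "$REMOTE"
}

# Copy a freshly rotated log into the spool under a sortable, unique name.
# The copy is written as *.tmp and renamed, so a partial file is never shipped.
spool_log() {
    src="$1"
    [ -s "$src" ] || return 0            # missing or empty: nothing to keep
    mkdir -p "$SPOOL" || return 1
    dst="$SPOOL/$(date -u +%Y%m%dT%H%M%SZ).$$.$(basename "$src")"
    cp -p "$src" "$dst.tmp" && mv "$dst.tmp" "$dst"
}

# Send every spooled file, oldest first. A file is removed only after its
# transfer succeeded; on the first failure stop and leave the backlog in
# place for the next run, so an outage delays logs instead of losing them.
flush_spool() {
    for f in "$SPOOL"/*; do
        [ -f "$f" ] || continue          # empty spool: glob did not match
        case "$f" in *.tmp) continue ;; esac
        if ship_cmd "$f"; then
            rm -f "$f"
        else
            return 1
        fi
    done
    return 0
}

# When called with a rotated file as argument: spool it, then try to ship.
if [ "$#" -gt 0 ]; then
    spool_log "$1" && flush_spool
fi
```

Running the script from cron with no new file to spool (calling only `flush_spool`) drains a backlog left by an earlier outage.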