Hi
I've often used the command "tcpdump -n -e -ttt -i pflog0" to view the PF
log in real time.

I've decided to try to use it to log PF in real time through syslog. The
solution described in the PF FAQ for logging to syslog works in time
intervals, which doesn't meet my needs in my current setup.

I tried piping the output of "tcpdump -n -e -ttt -i pflog0" through
logger(1) and sending it to syslog(8) using the complete command: "tcpdump
-n -e -ttt -i pflog0 | logger -t PF -p local7.notice". I set up
syslog.conf with "local7.*    /var/log/firewall.log", but the file
"/var/log/firewall.log" remains empty. Trying the command "tcpdump -n -e
-ttt -i pflog0 | logger -t PF -f /var/log/firewall.log" also leaves the
file empty. As a last resort I tried "tcpdump -n -e -ttt -i pflog0 >&
/var/log/firewall.log", but that also didn't work and left the file
/var/log/firewall.log empty. Running tcpdump with "-l" (output buffering)
solves the clear-text redirection into a file, but doesn't work with
logger(1) (it simply ends the process silently after 1 second or so).

Does anyone have a suggestion for how to fix this so I can have real-time
PF logging sent to syslog?

Please try to help me solve the problem and don't try to convince me to
drop either the real-time logging or the use of syslog (I can't).
--
TIA
Paolo
Thread: PF logging into a file (Paolo Supino)
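The pipeline the post is trying to build, as an added example that is not the poster's code nor taken from the PF FAQ. The point it demonstrates is that every stage writing into a pipe must be line-buffered, not just tcpdump: tcpdump gets "-l", and any filter placed between it and logger(1) has to flush after each record too, otherwise output only moves when a stdio buffer fills. It also shows the two syslog-side checks that most often leave a target file empty: the selector in syslog.conf must match the facility and priority passed to logger, and syslogd must be sent SIGHUP after the file is created and the config edited. The function names, the awk field mapping and the sample records in the test are constructed for this example; the record shape assumes OpenBSD-style pflog output ("rule N/(match) action dir on if: src > dst: ..."), so compare the field numbers against your own tcpdump output before relying on the summary.

```sh
#!/bin/sh
# Added example (not the original poster's code). Assumes an OpenBSD-style
# tcpdump(8) reading pflog0 and a logger(1)/syslogd(8) pair. The function
# names and the sample lines used to exercise them are constructed.

# awk program shared by both functions. For a pflog record of the shape
#   <time> rule <n>/(match) <action> <dir> on <if>: <src> > <dst>: <details>
# it emits compact key=value fields; any other line passes through untouched.
# fflush() after every print matters: awk block-buffers stdout when it writes
# to a pipe, so without it records would reach logger(1) only in bursts.
PFLOG_AWK='
$2 == "rule" {
    split($3, r, "/")                 # "3/(match)" -> r[1] = "3"
    sub(/:$/, "", $7)                 # strip trailing ":" from interface
    sub(/:$/, "", $10)                # ... and from destination
    printf "rule=%s action=%s dir=%s if=%s src=%s dst=%s\n", r[1], $4, $5, $7, $8, $10
    fflush()
    next
}
{ print; fflush() }
'

# Summarise one captured line. Useful for checking the field mapping against
# real tcpdump output before wiring the live pipeline up.
pflog_summary() {
    printf '%s\n' "$1" | awk "$PFLOG_AWK"
}

# The live pipeline. tcpdump's -l switches it to line-buffered output, which is
# what keeps logger(1) fed in real time instead of only when tcpdump's stdout
# buffer fills. Needs root (reading pflog0 goes through bpf) and a syslog.conf
# selector matching the facility.priority handed to logger, e.g.
#   local7.*        /var/log/firewall.log
# with the file created beforehand and syslogd sent a SIGHUP afterwards.
pf_to_syslog() {
    tag=${1:-pf}
    tcpdump -l -n -e -ttt -i pflog0 | awk "$PFLOG_AWK" | logger -t "$tag" -p local7.notice
}
```

Run pf_to_syslog as root from a shell or an rc script; the tag argument defaults to "pf". If the summary lines come out with fields shifted, the timestamp or pf header format on your tcpdump differs from the assumed shape and the field numbers in PFLOG_AWK need adjusting.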