Red Midnight wrote:
> Whenever I use a default block *log* rule to keep an eye on things, it
> can be noisy. To help a bit (even though they don't actually do
> anything), I use rules like this just to keep it out of the pf logs
That can be way too noisy. You can do 'regular' logging to pflog0 as
normal but create another interface for the catchall, e.g:
block in log (to pflog5)
Set pflog to listen.
pflogd -i pflog5 -f /var/log/pflog5 -p pflog5
[I need to test if a single instance of pflogd could be used instead.]
Then set newsyslog.conf to was less space with it.
/var/log/pflog5 root:wheel 640 3 50 * ZB /var/run/pflogd5.pid
Regards,
/Lars
