Sorry, replied to just you, figured this wouldn't hurt to send to the list.

Right now I have it running real time like this:

    tcpdump -l -e -t -i pflog0 | logger -p local0.info -t pf &

It gets executed from the rc.local (not at the moment, as I am just testing).

I found this here:
http://www.freebsdforums.org/forums/showthread.php?s=&postid=139518#post139518

This has been sending everything over in real time, but I am not sure what security risks I would be taking with this process, and I would rather have a cron going, as I think having it run this way would not be a good idea, as the tcpdump command could fail, thus my logging fail.

Thoughts?

James

On 9/20/2005, "Roy Morris" <[EMAIL PROTECTED]> wrote:

>James Mackinnon wrote:
>
>>Good day everyone
>>
>>I have 20+ OpenBSD firewalls set up across Canada and I wanted to bring
>>the logs to a central server so I can make them web enabled so I can
>>view them in a web app
>>
>>In the past, I used checkpoint, I like pf much better but the logging
>>system to checkpoint was nice
>>
>>I have followed the PF: Logging section in the manual, but I find not
>>everything that is going in pflog.txt is coming over to @syslogger
>>
>>Is there a better technique I should be using for 20+ firewalls logging
>>to a central server and then what web app would you recommend so I could
>>look at the logs in some type of non-console view
>>
>>Any suggestions and recommendations would be great as I would like to get
>>this right the first time:)
>>
>>Thanks
>>
>>James
>>
>You could scp all logs to a central server and do some 'stuff' on them
>there, or were you thinking more of a real time view?

