yes, this is true.. Probably lose a bit as currently I am logging all in and out on a fairly busy network all back to 1 logger.
I will do some reading on this one as well, thanks On 9/20/2005, "Will H. Backman" <[EMAIL PROTECTED]> wrote: >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf >Of >> James Mackinnon >> Sent: Tuesday, September 20, 2005 9:43 AM >> To: [email protected] >> Subject: PFLogging to Syslog >> >> Good day everyone >> >> I have 20+ OpenBSD firewalls setup across Canada and I wanted to bring >> the logs to a central server so I can make them web enabled so I can >> view them in a web app >> >> In the past, I used checkpoint, I like pf much better but the logging >> system to checkpoint was nice >> >> I have followed the PF: Logging section in the manaul, but I find not >> everything that is going in pflog.txt is coming over to @syslogger >> >> Is there a better technique I should be using for 20+ firewalls >logging >> to a central server and then what web app would you recommend so I >could >> look at the logs in some type of non-console view >> >> Any suggestions and recommendations would be great as I would like to >get >> this right the first time:) >> >> Thanks >> >> James > >Syslog uses best-effort UDP, so all log entries are not guaranteed to >get to the central server. There are other syslog servers that offer >better guarantees, and you may also want to use encryption and something >to thwart traffic analysis. > >Take a look at syslog-ng, although I cannot tell you how it performs. I >have just heard people mention it in this situation.
