Thanks! But why isn't that in the man pages and why isn't it done
automatically? Is there a way of logging to disk w/o the risk of running
tcpdump as root on the base machine?

-----Original Message-----
From: Dries Schellekens [mailto:gwyllion@ace.ulyssis.org]
Sent: Thursday, February 28, 2002 5:21 AM
To: Shawn Wilton
Cc: misc@openbsd.org
Subject: Re: Turning on pf logging after switching from ipf.

On Thu, 28 Feb 2002, Shawn Wilton wrote:
> Hey, I searched the archives for how to "turn on the logging" for pf, but
> all I found was this: tcpdump -n -e -ttt -i pflog0
>
> That just gives a network down error. I touched the /var/log/pflog file,
> and sighupped syslogd, but that did nothing as well. Don't suppose someone
> could point me in the right direction? I did find pflogd, but as far as I
> can tell, it just doesn't run.

I think you forgot to do

# ifconfig pflog0 up

Then start pflogd and read the log using

# tcpdump -n -e -ttt -r /var/log/pflog

or in real time

# tcpdump -n -e -ttt -i pflog0

Greetings,
Dries
--
Dries Schellekens
email: gwyllion@ulyssis.org