Nowhere does it say I need to turn on the pflog0 interface using ifconfig in
the man pages.
I had manually altered my /etc/rc.conf to be of the 3.0 format and it still
didn't log packets. I had to start pflogd manually after bringing up the
interface as Dries mentioned. Only then does it work. So I guess my
question is, do I need to bring that interface up myself (put it in
rc.local) or is it supposed to be done elsewhere by another script?

-----Original Message-----
From: Daniel Hartmeier [mailto:daniel@benzedrine.cx]
Sent: Thursday, February 28, 2002 10:32 AM
To: Shawn Wilton
Cc: Dries Schellekens; misc@openbsd.org
Subject: Re: Turning on pf logging after switching from ipf.

On Thu, Feb 28, 2002 at 10:09:01AM -0800, Shawn Wilton wrote:
> Thanks! But why isn't that in the man pages and why isn't it done
> automatically? Is there a way of logging to disk w/o the risk of running
> tcpdump as root on the base machine?

It is in the man page, pflogd(8). And if you have (manually) updated
your /etc, rc will automatically start pflogd, which logs to
/var/log/pflog, which you can tcpdump as non-root, if you chmod it
appropriately. tcpdump'ing pflog0 is just for additional live dumping of
the same packets that already get logged in /var/log/pflog.

Daniel