From: Matt Sauve-Frankel (baud philosophiebleue.com)
Date: Sun Feb 10 2002 - 08:21:56 CST

On Fri, Feb 08, 2002 at 03:56:37PM +0100, Arvid Grøtting wrote:
> You could set up a process to do something like
>
> tcpdump -i pflog0 -e -n -v | logger -t pf
This probably isn't very sane.
Tcpdump has a history of security problems, you may not
want to depend on it decoding packets in realtime running as root.
It's probably better to move the log files of the firewall at
rotation time and analyze them on a separate machine with tcpdump
or snort running as an unprivileged user.

--
Matt Sauve-Frankel
Philosophie Bleue | http://philosophiebleue.com
Network Administrator | http://pblue.com
--
An idea is not responsible for the people who believe in it
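
The offline approach suggested in this message, sketched as a wrapper for the analysis host. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the rotated pf log has already been copied over as a classic pcap file and that the local tcpdump can decode the pflog link type.

```shell
#!/bin/sh
# Added example for the separate analysis machine (not from the original post).
# Assumption: the rotated pf log was transferred here as a classic pcap file
# and its path is given as the first argument.

# Return 0 only for a non-root uid, so packet decoding never runs privileged.
is_unprivileged() {
    [ "$1" -ne 0 ]
}

# Return 0 if the file starts with a classic pcap magic number (either byte
# order). Catches empty, truncated or mislabelled transfers before decoding.
is_pcap() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;
        *) return 1 ;;
    esac
}

# Combined gate: 0 = safe to decode, 2 = running as root, 3 = not a pcap file.
precheck() {
    is_unprivileged "$1" || return 2
    is_pcap "$2" || return 3
    return 0
}

# Decode a rotated log from disk. -r reads the file instead of an interface;
# -n -e -v are the same flags as the quoted live pipeline.
analyze_pflog() {
    rc=0
    precheck "$(id -u)" "$1" || rc=$?
    case "$rc" in
        2) echo "refusing to decode packets as root" >&2; return 2 ;;
        3) echo "not a pcap file: $1" >&2; return 3 ;;
    esac
    tcpdump -n -e -v -r "$1"
}

if [ "$#" -gt 0 ]; then
    analyze_pflog "$1"
fi
```
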