> Gaurav Ghimire wrote:
> > Just curious to know if we have something, some alerting system or
> mechanism that provides the administrator with the daily reports that
> pf itself or some other
> > tool collects on pf's behalf.
> >
> > That probably reports the admin of:
> > ~ Total connection counts matched on each rulesets.
> > ~ Total number of counts matched on deny rules.
>
> /etc/periodic/security/520.pfdenied
>
> it should be enabled by default if you haven't done anything unnatural
> to
> the /etc/periodic system
>
> > ~ IP/Port attack logs and relatives.
>
> only if you specify "log" in one or more of your pf rules, in which
> case you will find it in /var/log/pflog, /var/log/pflog.?.bz2, and
> /var/log/pf.{today,yesterday}
>
> tom
I wrote a script that compiles a daily report on any pf table based
threshold breaches -- something that could be modified to produce many
different types of daily pf based reports :
http://blog.stardothosting.com/2009/08/12/freebsd-pf-packet-filter-shell-scr
ipt-to-report-on-hacking-attempts/
Something to look at anyways.
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
