> Gaurav Ghimire wrote: > > Just curious to know if we have something, some alerting system or > mechanism that provides the administrator with the daily reports that > pf itself or some other > > tool collects on pf's behalf. > > > > That probably reports the admin of: > > ~ Total connection counts matched on each rulesets. > > ~ Total number of counts matched on deny rules. > > /etc/periodic/security/520.pfdenied > > it should be enabled by default if you haven't done anything unnatural > to > the /etc/periodic system > > > ~ IP/Port attack logs and relatives. > > only if you specify "log" in one or more of your pf rules, in which > case you will find it in /var/log/pflog, /var/log/pflog.?.bz2, and > /var/log/pf.{today,yesterday} > > tom
I wrote a script that compiles a daily report on any pf table based threshold breaches -- something that could be modified to produce many different types of daily pf based reports : http://blog.stardothosting.com/2009/08/12/freebsd-pf-packet-filter-shell-scr ipt-to-report-on-hacking-attempts/ Something to look at anyways. _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"