Hi all,

I have some rules that I would like to redirect in syslog format to a log file. I don't need to touch /var/log/pflog. To accomplish this I have tried to start the pflogd daemon with the following options:

"-s 256 -i pflog0 -f /var/log/pflog -i pflog1 -f /tmp/test.log"

... but it doesn't work. Afterwards, I tried to start another pflogd instance with "-s 256 -i pflog1 -f /tmp/test.log":

25317 ?? S 0:49.58 pflogd: [running] -s 256 -i pflog1 -f /tmp/test.log (pflogd)
13851 ?? Ss 0:00.23 ntpd: ntp engine (ntpd)
16445 ?? Is 0:00.03 ntpd: dns engine (ntpd)
11227 ?? Ss 0:00.02 ntpd: [priv] (ntpd)
21752 ?? Is 0:00.05 /usr/sbin/sshd
14014 ?? Ss 0:00.30 sendmail: accepting connections (sendmail)
14724 ?? Is 0:00.01 /usr/sbin/ftp-proxy
14277 ?? Ss 0:00.04 /usr/sbin/cron
11070 ?? Ss 0:35.46 sshd: root@ttyp0 (sshd)
18112 ?? Is 0:00.01 pflogd: [priv] (pflogd)
14997 ?? S 0:01.08 pflogd: [running] -s 256 -i pflog0 -f /var/log/pflog (pflogd)

... but it doesn't work. /var/log/pflog doesn't register activity (the pflog0 and pflog1 interfaces are up).

At this stage, I only need to try whether this approach works using the tcpdump file format in both log files ...

Is it possible to use several pflogX interfaces and redirect all logs to several log files?

I am using OpenBSD 5.1.

Thanks.