Yep ... pretty interesting, Pierre ... but maybe it is not a good idea to install a JDK on a fw gateway ... In any case, good catch.
But maybe the best option is to do it using syslog ... I will think about it this weekend ... Many thanks to all for your help.

On 07/08/2020, 16:35, "owner-m...@openbsd.org on behalf of pierre1.bar...@orange.com" <owner-m...@openbsd.org on behalf of pierre1.bar...@orange.com> wrote:

    Hello,

    I use logstash with an input like this :

    input {
      pipe {
        type => "pflog"
        command => "doas /usr/sbin/tcpdump -l -v -n -n -e -s 160 -tt -i pflog0"
      }
    }

    --
    Regards,
    Pierre BARDOU

    -----Original message-----
    From: owner-m...@openbsd.org <owner-m...@openbsd.org> on behalf of Peter N. M. Hansteen
    Sent: Friday, 7 August 2020 13:10
    To: misc@openbsd.org
    Subject: Re: Managing PF logs

    On Fri, Aug 07, 2020 at 10:29:32AM +0000, Carlos Lopez wrote:
    > Hi all,
    >
    > I am thinking about what the best option could be to inject PF logs into Elasticsearch (or any similar platform). If I am not wrong, some years ago there was an option using a shell wrapper to store all pf logs in ASCII format and redirect all of them to a central syslog server (published in the PF FAQ). That is more or less what I am looking for.
    >
    > But maybe a better option exists nowadays. Any ideas? Tips?

    As Tom said, it is possible to use tcpdump to convert to text, then forward to syslog. The example from the old PF tutorial https://home.nuug.no/~peter/pf/newest/log2syslog.html should still work.

    All the best,

    --
    Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
    "Remember to set the evil bit on all malicious network traffic"
    delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
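The tcpdump-to-text-to-syslog approach Peter and Pierre describe, as an added example that is not code from the thread, the PF FAQ or the linked tutorial: a small sh/awk filter that sits between tcpdump and logger(1) and turns each pflog line into one key=value record, which is far easier to index in Elasticsearch than free text. It assumes the line shape the old tutorial shows (optional timestamp, then `rule N/(reason) ACTION DIR on IFACE: SRC[.SPORT] > DST[.DPORT]: details`); the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or the PF FAQ. Turns the text that
# `tcpdump -n -e -ttt -i pflog0` writes into one key=value record per line,
# easy to forward with logger(1) and to index in Elasticsearch.
# Assumed line shape (after an optional timestamp):
#   rule N/(reason) ACTION DIR on IFACE: SRC[.SPORT] > DST[.DPORT]: details
pf2syslog() {
    awk '
    # tcpdump prints "host.port"; an IPv4 address has 3 dots, so a 4th dot
    # (or any dot in an IPv6 address) means a port is attached.
    function hostport(tok,    n, a) {
        n = split(tok, a, ".")
        if (n == 5 || (n == 2 && index(tok, ":")))
            return substr(tok, 1, length(tok) - length(a[n]) - 1) " " a[n]
        return tok " -"
    }
    {
        # Anchor on the "rule" and "on" tokens rather than fixed columns so a
        # timestamp or an extra token before the action does not matter.
        r = 0; k = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "rule" && !r) r = i
            else if ($i == "on" && r && !k) k = i
        }
        if (!r || !k || k + 4 > NF) { print "unparsed=\"" $0 "\""; next }
        split($(r + 1), rn, "/")                 # "2/(match)" -> rule 2
        iface = $(k + 1); sub(/:$/, "", iface)
        dst = $(k + 4);   sub(/:$/, "", dst)
        split(hostport($(k + 2)), s, " "); split(hostport(dst), d, " ")
        rest = ""                                # protocol details, verbatim
        for (j = k + 5; j <= NF; j++) rest = rest (rest == "" ? "" : " ") $j
        printf "action=%s dir=%s if=%s rule=%s src=%s sport=%s dst=%s dport=%s detail=\"%s\"\n",
            $(k - 2), $(k - 1), iface, rn[1], s[1], s[2], d[1], d[2], rest
    }'
}

pf2syslog_line() { printf '%s\n' "$1" | pf2syslog; }   # single-line wrapper

# Constructed sample standing in for a live pflog0 capture.
SAMPLE='Aug 07 10:29:32.000001 rule 2/(match) block in on em0: 192.0.2.10.54321 > 198.51.100.5.22: S 1:1(0) win 65535
Aug 07 10:29:33.000002 rule 0/(match) pass out on em0: 198.51.100.5 > 192.0.2.1: icmp: echo request
not a pflog line'

demo() {
    # On the gateway this would be:
    #   tcpdump -n -e -ttt -i pflog0 | pf2syslog | logger -t pf -p local0.info
    printf '%s\n' "$SAMPLE" | pf2syslog
}
```

Lines the filter cannot parse are passed through as `unparsed="..."` rather than dropped, so nothing logged by pf is silently lost on the way to the central syslog server.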