Packet Filter alerting system.
Tom Uffner
tom at uffner.com
Tue Sep 15 19:05:19 UTC 2009
Gaurav Ghimire wrote:
> Just curious to know if we have something, some alerting system or mechanism that provides the administrator with the daily reports that pf itself or some other
> tool collects on pf's behalf.
>
> That probably reports the admin of:
> ~ Total connection counts matched on each rulesets.
> ~ Total number of counts matched on deny rules.
/etc/periodic/security/520.pfdenied
it should be enabled by default if you haven't done anything unnatural to
the /etc/periodic system
> ~ IP/Port attack logs and relatives.
only if you specify "log" in one or more of your pf rules, in which
case you will find it in /var/log/pflog, /var/log/pflog.?.bz2, and
/var/log/pf.{today,yesterday}
tom
More information about the freebsd-pf
mailing list