I'm trying to get pf working under Mountain Lion. Since it appears that Apple neglected to include pflogd, we have to make our own like:
/sbin/ifconfig pflog0 create
/usr/sbin/tcpdump -lnettti pflog0 | /usr/bin/logger -t pf
This dumps messages into system.log, but I'm trying to find a way to sort them out into their own. I was able to figure this out with ipfw, but ipfw left nice logs like:
Mar 5 11:34:44 flamingo kernel[0] <Debug>: ipfw: 65534 Deny ICMP:3.10 192.168.4.233 192.168.92.60 in via en0
For pf, I'm getting logs like:
Mar 5 11:57:50 flamingo.mydomain.com pf[51938]: 00:00:00.000000 rule 1/8(ip-option): pass in on en0: 172.24.32.41 > 224.0.0.1: igmp query v2
With OSXes 'logger', I can use -p to set a facility, but then the logs quietly vanish. I found references to using 'syslog -s -k facility whatever', but when I pipe my tcpdump into syslog, the process dies after a few seconds or minutes.
How can IA) find out how to keep syslog running, or B) either set or predict what I could filter the results from logger in asl.conf?
You're missing one ingredient to get logging.
This worked for me:
root# touch /var/log/pffirewall.log` to create the log file.
Then, add the following line to /etc/syslog.conf
:
local2.* /var/log/pffirewall.log
Now your logger process output will show up in /var/log/pffirewall.log
. Apparently logger is still tied to the old syslog facility and /etc/syslog.conf
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.