For basic logging one can use IPF, or presumably PF or NPF, to simply log all TCP "flows", albeit in a not-necessarily-so-useful format:

	log in proto tcp from any to any flags S/SAFR

To that I also add the following, but to be more useful there should be per interface rules as well, and perhaps even some for interesting internal and/or external hosts:

	count in from any to any
	count out from any to any

Too bad pf(4) in NetBSD does not (yet) include pflow(4) and related tools.  It's been in the original OpenBSD for nearly a decade now.

FreeBSD also has a NetGraph module, ng_netflow(4), for collecting NetFlow(tm) data.

-- 
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>
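Added example, not part of the original message: a small Python filter that turns the per-packet lines ipmon(8) writes to syslog for the `log ... flags S/SAFR` rule above into per-flow connection-attempt counts. The line layout in the comment is an assumption taken from ipmon(8); the host name, interface, addresses and log lines are constructed sample data.

```python
import re
from collections import Counter

# Assumed ipmon(8) syslog layout (not taken from the message above):
#   time [Nx] ifname @group:rule action src,sport -> dst,dport PR tcp len hlen plen -FLAGS IN|OUT
LINE = re.compile(
    r"ipmon\[\d+\]: (?P<time>\d\d:\d\d:\d\d\.\d+) (?:(?P<n>\d+)x )?"
    r"(?P<ifname>\S+) @(?P<rule>\d+:\d+) (?P<act>\S+) "
    r"(?P<src>\S+),(?P<sport>\d+) -> (?P<dst>\S+),(?P<dport>\d+) "
    r"PR tcp len \d+ \d+ -(?P<flags>[A-Z]+) (?P<dir>IN|OUT)"
)

# Constructed sample log lines (documentation addresses, hypothetical host "gw").
SAMPLE = """\
Mar  3 10:15:01 gw ipmon[412]: 10:15:01.102334 wm0 @0:1 L 192.0.2.10,51514 -> 198.51.100.7,443 PR tcp len 20 60 -S IN
Mar  3 10:15:02 gw ipmon[412]: 10:15:02.551200 wm0 @0:1 L 192.0.2.10,51515 -> 198.51.100.7,443 PR tcp len 20 60 -S IN
Mar  3 10:15:09 gw ipmon[412]: 10:15:09.000412 2x wm0 @0:1 L 203.0.113.5,40022 -> 192.0.2.20,22 PR tcp len 20 60 -S IN
Mar  3 10:15:10 gw ipmon[412]: 10:15:10.734001 wm0 @0:1 L 192.0.2.10,51516 -> 198.51.100.9,80 PR tcp len 20 60 -S IN
Mar  3 10:15:10 gw ipmon[412]: 10:15:10.801977 wm0 @0:2 p 198.51.100.9,80 -> 192.0.2.10,51516 PR tcp len 20 60 -AS OUT
Mar  3 10:15:11 gw ipmon[412]: 10:15:11.000100 wm0 @0:3 p 192.0.2.10,53001 -> 198.51.100.53,53 PR udp len 20 76 IN
"""

def parse(line):
    """Return a dict for one TCP log line, or None if the line does not match."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["n"] = int(rec["n"] or 1)  # "2x" means two identical packets were logged as one
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def flows(lines):
    """Count connection attempts per (ifname, src, dst, dport), ignoring source port."""
    seen = Counter()
    for line in lines:
        rec = parse(line)
        if not rec:
            continue
        flags = set(rec["flags"])
        # Same test as "flags S/SAFR": SYN set, and ACK, FIN, RST all clear.
        if "S" in flags and not flags & set("AFR"):
            seen[(rec["ifname"], rec["src"], rec["dst"], rec["dport"])] += rec["n"]
    return seen

if __name__ == "__main__":
    for (ifname, src, dst, dport), n in flows(SAMPLE.splitlines()).most_common():
        print(f"{n:4d} {ifname} {src} -> {dst}:{dport}")
```

Keying on the interface name gives the per-interface breakdown the message asks for without adding rules, as long as the log rule itself sees traffic on every interface of interest.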