https://github.com/dennisoelkers/keil
Logging from pflog interface to GELF
firewall gelf graylog logging packets security
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/dennisoelkers/keil
- Owner: dennisoelkers
- Created: 2017-02-22T10:10:35.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-12-08T19:07:40.000Z (over 2 years ago)
- Last Synced: 2024-10-14T19:59:00.850Z (over 1 year ago)
- Topics: firewall, gelf, graylog, logging, packets, security
- Language: Go
- Size: 20.5 KB
- Stars: 2
- Watchers: 1
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# keil
Logging from pflog interface to GELF. Use it if you want a lightweight way to log all packets from pf on FreeBSD or OpenBSD to [Graylog](https://www.graylog.org).
## Compilation
* Check out the repository
* Install the [glide package manager](https://glide.sh)
* Run `make` in the checked out repository
## Syntax
```
usage: keil []
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
-f, --file Read from file instead of device
-P, --promisc Defines if interface is flagged promiscous
-h, --host="localhost" Hostname of Graylog server
-p, --port=12201 Port of Graylog Server
--facility="pflog" The facility identifier used for logging
Args:
Name of device/filename to read from
```
## Usage
The easiest way to use it is to run the `keil` binary with only the name of the interface it should capture packets from as an argument, like `keil pflog0`. This way it uses the default settings and sends all GELF packets to `localhost:12201`.
If you want to change the destination host/port, log from a (pcap) file instead of an interface, switch the interface to promiscuous mode, or change the facility used for logging, refer to the syntax.
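To check what actually arrives on port 12201 before pointing `keil` at a production Graylog input, a receiver-side decoder is useful. The following is an added example, not code from the keil repository: it unpacks one GELF datagram payload (plain, gzip or zlib), flags chunked datagrams, and verifies the mandatory GELF fields. It assumes GELF payloads as carried over UDP; the `facility` and `_action` keys in the sample are constructed for illustration and are not taken from keil's source.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"compress/zlib"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Constructed sample payload; the field names beyond the mandatory ones are assumptions.
const sample = `{"version":"1.1","host":"fw1","short_message":"block in on em0","facility":"pflog","_action":"block"}`

// ErrChunked marks a datagram that is one chunk of a larger GELF message.
var ErrChunked = errors.New("chunked GELF datagram, reassembly needed")

// DecodeGELF unpacks one GELF datagram and checks the mandatory fields.
func DecodeGELF(b []byte) (map[string]interface{}, error) {
	var r io.Reader = bytes.NewReader(b)
	var err error
	switch {
	case bytes.HasPrefix(b, []byte{0x1e, 0x0f}): // GELF chunk magic bytes
		return nil, ErrChunked
	case bytes.HasPrefix(b, []byte{0x1f, 0x8b}): // gzip magic bytes
		r, err = gzip.NewReader(r)
	case bytes.HasPrefix(b, []byte{0x78}): // zlib header byte
		r, err = zlib.NewReader(r)
	}
	if err != nil {
		return nil, err
	}
	msg := map[string]interface{}{}
	// Bound the decompressed size so a small datagram cannot inflate without limit.
	if err := json.NewDecoder(io.LimitReader(r, 1<<20)).Decode(&msg); err != nil {
		return nil, err
	}
	for _, k := range []string{"version", "host", "short_message"} {
		if _, ok := msg[k]; !ok {
			return nil, fmt.Errorf("missing mandatory GELF field %q", k)
		}
	}
	return msg, nil
}

func main() {
	fmt.Println(DecodeGELF([]byte(sample)))
}
```

Feed it the payload of each datagram read from a UDP socket bound to the port given with `--port`; a returned `ErrChunked` means the message was split and needs reassembly before decoding.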