Skip to content

dennisoelkers/keil

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

.github/workflows

.github/workflows

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LayerHandler.go

LayerHandler.go

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

glide.yaml

glide.yaml

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

keil

Logging from pflog interface to GELF. Use it if you want a lightweight way to log all packets from pf on FreeBSD or OpenBSD to Graylog.

Compilation

Syntax

usage: keil [<flags>] <source>

Flags:
      --help              Show context-sensitive help (also try --help-long and --help-man).
  -f, --file              Read from file instead of device
  -P, --promisc           Defines if interface is flagged promiscous
  -h, --host="localhost"  Hostname of Graylog server
  -p, --port=12201        Port of Graylog Server
      --facility="pflog"  The facility identifier used for logging

Args:
  <source>  Name of device/filename to read from

Usage

The easiest way to use it would be to ron the keil binary with only the interface name it should capture packets from as an argument, like keil pflog0. This way it would use the default settings and log all GELF packets to localhost:12201.

If you want to change the destination host/port, log from a (pcap) file instead of an interface, switch the interface to promiscuous or change the facility used for logging, refer to the syntax.

About

Logging from pflog interface to GELF

Topics

security packets gelf graylog firewall logging

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages