The idea is to run script as daemon on few gateway/firewall hosts of network to make sure that none of perticilar data will appear in network (at least in open format) while some work on networks and sites will be done.
Output will be done to a screen and sql database. No roblems with that.
The only problems I've come across with is soft. For now on despire tcpdump, awk and grep are old in FreeBSD 10!
Awk http://www.linuxquestions.org/questi...-ascii-488357/
and grep is "GNU Project 2002/01/22 GREP(1)" so modern regexp like (?=abc) just don't work! In php worked but not in grep.

Looks like perl is the solution.

What you should remember for next time is that, as long as you're a novice and as long as all parameters aren't clear to your audience, you should present your case in full.


...then you are in the wrong forum in the first place. Many applications work differently in FreeBSD and the LQ BSD forums are here https://www.linuxquestions.org/questions/%2Absd-17/ and here https://www.linuxquestions.org/quest...her-%2Anix-55/ so I'll ask the moderator to move this thread.


What you don't seem to (want to) understand is that where logging is concerned there is only one mantra: you don't know what you don't log. What this basically means is that if you get things wrong you don't get a second chance as the data already slipped through your fingers. There'll be no way to check for integrity of the message or stream, no way to perform deep packet inspection, etc, etc. Secondly, the way you've shown you're doing things, you're printing (I wouldn't call it "logging" really) a relative and interpreted subset of things (see the "-s0 -n -nn -N -p -tttt" args and ponder why).

Thanks for that. I've did not know that there is such a dig difference in the first place.

I do log now.
First of all i "tcpdump -w stream" write to a file and leter I experiment with "tcpdump -r stream". It just did'nt mension it here.

Your application cannot run as a daemon if it is expected to output to the screen. By definition, a daemon process has no attached terminal/console.

turn off output to screen and leave output to database.