diff options
| author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2001-09-15 14:03:07 +0000 |
|---|---|---|
| committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2001-09-15 14:03:07 +0000 |
| commit | 4e3e20aa876f9fa09e32fe382401504f19442414 (patch) | |
| tree | f24989b32277116ea4bdddce83b2c41aa79ea48b | |
| parent | 8f5b4bd4f461a41e728944072460af706dd47a0b (diff) | |
add EXAMPLES section; canacar@eee.metu.edu.tr, ok deraadt@
| -rw-r--r-- | sbin/pflogd/pflogd.8 | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/sbin/pflogd/pflogd.8 b/sbin/pflogd/pflogd.8 index b2c0856bbf1..de21ff37d3a 100644 --- a/sbin/pflogd/pflogd.8 +++ b/sbin/pflogd/pflogd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pflogd.8,v 1.5 2001/08/29 17:42:28 deraadt Exp $ +.\" $OpenBSD: pflogd.8,v 1.6 2001/09/15 14:03:06 jakob Exp $ .\" .\" Copyright (c) 2001 Can Erkin Acar. All rights reserved. .\" @@ -100,6 +100,17 @@ Other file parsers may desire a higher snaplen. .It Ar expression selects which packets will be dumped, using the regular language of .Xr tcpdump 8 . +.Sh EXAMPLES +Log specific tcp packets to a different log file with a large snaplen +(useful with a log-all rule to dump complete sessions) +.Bd -literal -offset indent +pflogd -s 1600 -f suspicious.log port 80 and host evilhost +.Ed +.Pp +Display binary logs: +.Bd -literal -offset indent +tcpdump -n -e -ttt -r /var/log/pflog +.Ed .Sh FILES .Bl -tag -width /var/run/pflogd.pid -compact .It Pa /var/run/pflogd.pid |