author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2001-09-15 14:04:21 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2001-09-15 14:04:21 +0000 |
commit | 79ad2d99766f051a8a65f8be32fc7ce5b80fd3e0 (patch) | |
tree | 9c8c07912084a609dab1078624f187c7e08ac4c2 /share | |
parent | 4e3e20aa876f9fa09e32fe382401504f19442414 (diff) |
describe pflogd usage; canacar@eee.metu.edu.tr, ok deraadt@
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man5/pf.conf.5 | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 7c2279e6f2b..f58c5d40b00 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.14 2001/09/15 03:54:40 frantzen Exp $ +.\" $OpenBSD: pf.conf.5,v 1.15 2001/09/15 14:04:20 jakob Exp $ .\" .\" Copyright (c) 2001, Daniel Hartmeier .\" All rights reserved. @@ -138,10 +138,17 @@ Not only the packet that creates state is logged, but all packets of the connection. .El .Pp -The log messages can be viewed with tcpdump: +The logged packets are sent to the +.Em pflog0 +interface. This interfece is monitored by +.Xr pflogd 8 +logging daemon which dumps the logged packets to the file +.Em /var/log/pflog +in +.Xr tcpdump 8 +binary format. The log files can be read using tcpdump: .Bd -literal -.Cm # ifconfig pflog0 up -.Cm # tcpdump -n -i pflog0 +.Cm # tcpdump -n -e -ttt -r /var/log/pflog .Ed .Sh QUICK If a packet matches a rule which has the @@ -440,7 +447,8 @@ pass in on kue0 proto tcp from any to any port { ssh, smtp, domain, auth } keep .Xr pf 4 , .Xr nat.conf 5 , .Xr services 5 , -.Xr pfctl 8 +.Xr pfctl 8 , +.Xr pflogd 8 .Pp .Pa http://www.obfuscation.org/ipf/ has an extensive filter rule tutorial which for the most part applies to |
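Review bot: In the hunk at `@@ -138,10 +138,17 @@`, the added line `interface. This interfece is monitored by` misspells "interface", and the sentence it starts lacks an article: it renders as "monitored by pflogd(8) logging daemon" where "monitored by the pflogd(8) logging daemon" is meant. Both `interface. This interfece is monitored by` and `binary format. The log files can be read using tcpdump:` also begin a new sentence in the middle of an input line; in mdoc source each sentence should start on its own line so the formatter gets sentence spacing right. The path `/var/log/pflog` is marked up with `.Em`; `.Pa` is the macro for path names and is already used further down in this file. Finally, the hunk removes the live-capture example `tcpdump -n -i pflog0` while the new text still tells the reader that packets are sent to pflog0; consider keeping that example next to the new `-r /var/log/pflog` one so both ways of reading the log are documented.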
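Review bot: In the SEE ALSO hunk at `@@ -440,7 +447,8 @@`, `.Xr pflogd 8` is added but the list then ends at the following `.Pp`, so `tcpdump 8` is missing even though the new logging text in this same patch cross-references `.Xr tcpdump 8`. Suggest adding a trailing comma after `.Xr pflogd 8` and a `.Xr tcpdump 8` line after it, so every page referenced in the body also appears in SEE ALSO.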