-rw-r--r--sbin/pflogd/pflogd.823
-rw-r--r--sbin/pflogd/pflogd.c17
2 files changed, 31 insertions, 9 deletions
diff --git a/sbin/pflogd/pflogd.8 b/sbin/pflogd/pflogd.8
index d1e707a00b8..b0b09509ed6 100644
--- a/sbin/pflogd/pflogd.8
+++ b/sbin/pflogd/pflogd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pflogd.8,v 1.27 2005/05/27 20:27:17 dhartmei Exp $
+.\" $OpenBSD: pflogd.8,v 1.28 2006/10/25 20:20:19 henning Exp $
.\"
.\" Copyright (c) 2001 Can Erkin Acar. All rights reserved.
.\"
@@ -34,6 +34,7 @@
.Nm pflogd
.Op Fl Dx
.Op Fl d Ar delay
+.Op Fl i Ar interface
.Op Fl f Ar filename
.Op Fl s Ar snaplen
.Op Ar expression
@@ -41,8 +42,10 @@
.Nm
is a background daemon which reads packets logged by
.Xr pf 4
-to the packet logging interface
-.Pa pflog0
+to a
+.Xr pflog 4
+interface, normally
+.Pa pflog0 ,
and writes the packets to a logfile (normally
.Pa /var/log/pflog )
in
@@ -101,6 +104,13 @@ If not specified, the default is 60 seconds.
Log output filename.
Default is
.Pa /var/log/pflog .
+.It Fl i Ar interface
+.Xr pflog 4
+interface to use.
+By default,
+.Nm
+will use
+.Ar pflog0 .
.It Fl s Ar snaplen
Analyze at most the first
.Ar snaplen
@@ -129,6 +139,13 @@ Log specific tcp packets to a different log file with a large snaplen
# pflogd -s 1600 -f suspicious.log port 80 and host evilhost
.Ed
.Pp
+Log from another
+.Xr pflog 4
+interface, excluding specific packets:
+.Bd -literal -offset indent
+# pflogd -i pflog3 -f network3.log "not (tcp and port 23)"
+.Ed
+.Pp
Display binary logs:
.Bd -literal -offset indent
# tcpdump -n -e -ttt -r /var/log/pflog
diff --git a/sbin/pflogd/pflogd.c b/sbin/pflogd/pflogd.c
index d8483188a54..94184913004 100644
--- a/sbin/pflogd/pflogd.c
+++ b/sbin/pflogd/pflogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pflogd.c,v 1.35 2006/01/15 16:38:04 canacar Exp $ */
+/* $OpenBSD: pflogd.c,v 1.36 2006/10/25 20:20:19 henning Exp $ */
/*
* Copyright (c) 2001 Theo de Raadt
@@ -102,8 +102,9 @@ set_suspended(int s)
return;
suspended = s;
- setproctitle("[%s] -s %d -f %s",
- suspended ? "suspended" : "running", cur_snaplen, filename);
+ setproctitle("[%s] -s %d -i %s -f %s",
+ suspended ? "suspended" : "running",
+ cur_snaplen, interface, filename);
}
char *
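Review bot: The rewritten setproctitle() call formats `interface` with `%s`, so it now depends on `interface` never being NULL when set_suspended() runs; the variable's definition is outside this diff, so confirm it carries a compile-time default (the manual page names `pflog0`) rather than only being assigned from the `-i` branch in main(). If it can be NULL, `%s` on a null pointer is undefined behaviour and the title would be wrong in the common no-`-i` case. A one-line defensive form would be `cur_snaplen, interface ? interface : "(none)", filename);`, but fixing the initializer at the definition is the better place if it is missing. The start of set_suspended() lies before this hunk.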
@@ -149,8 +150,9 @@ logmsg(int pri, const char *message, ...)
__dead void
usage(void)
{
- fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-f filename] ");
- fprintf(stderr, "[-s snaplen] [expression]\n");
+ fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-i interface]");
+ fprintf(stderr, " [-f filename] [-s snaplen]\n");
+ fprintf(stderr, " [expression]\n");
exit(1);
}
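Review bot: The usage text is now emitted with three separate fprintf() calls, and the last one begins with what renders here as a single space before `[expression]`, so the continuation line will not align under `usage:` unless that whitespace is actually a tab lost in rendering; worth confirming against the source. Since the message is constant, a single call with adjacent string literals is clearer and makes the alignment visible in one place: `fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-i interface]"` / `    " [-f filename] [-s snaplen]\n"` / `    "\t[expression]\n");`. The option order matches the updated synopsis in pflogd.8, so only the formatting is at issue.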
@@ -532,7 +534,7 @@ main(int argc, char **argv)
closefrom(STDERR_FILENO + 1);
- while ((ch = getopt(argc, argv, "Dxd:s:f:")) != -1) {
+ while ((ch = getopt(argc, argv, "Dxd:f:i:s:")) != -1) {
switch (ch) {
case 'D':
Debug = 1;
@@ -545,6 +547,9 @@ main(int argc, char **argv)
case 'f':
filename = optarg;
break;
+ case 'i':
+ interface = optarg;
+ break;
case 's':
snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN,
&errstr);
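Review bot: The new `case 'i':` stores optarg unchecked, unlike the neighbouring `-s` branch which validates its argument with strtonum(). Where the name is later used to open the pflog interface is outside this hunk; if that path copies it into a fixed-size name buffer (IFNAMSIZ) it should be rejected here rather than truncated, e.g. `if (strlen(optarg) >= IFNAMSIZ) usage();` provided `<net/if.h>` is already included — otherwise confirm the open call itself reports an over-long or empty name as an error. main() starts and ends outside this hunk.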