From 79ad2d99766f051a8a65f8be32fc7ce5b80fd3e0 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Sat, 15 Sep 2001 14:04:21 +0000 Subject: describe pflogd usage; canacar@eee.metu.edu.tr, ok deraadt@ --- share/man/man5/pf.conf.5 | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'share') diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 7c2279e6f2b..f58c5d40b00 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.14 2001/09/15 03:54:40 frantzen Exp $ +.\" $OpenBSD: pf.conf.5,v 1.15 2001/09/15 14:04:20 jakob Exp $ .\" .\" Copyright (c) 2001, Daniel Hartmeier .\" All rights reserved. @@ -138,10 +138,17 @@ Not only the packet that creates state is logged, but all packets of the connection. .El .Pp -The log messages can be viewed with tcpdump: +The logged packets are sent to the +.Em pflog0 +interface. This interfece is monitored by +.Xr pflogd 8 +logging daemon which dumps the logged packets to the file +.Em /var/log/pflog +in +.Xr tcpdump 8 +binary format. The log files can be read using tcpdump: .Bd -literal -.Cm # ifconfig pflog0 up -.Cm # tcpdump -n -i pflog0 +.Cm # tcpdump -n -e -ttt -r /var/log/pflog .Ed .Sh QUICK If a packet matches a rule which has the @@ -440,7 +447,8 @@ pass in on kue0 proto tcp from any to any port { ssh, smtp, domain, auth } keep .Xr pf 4 , .Xr nat.conf 5 , .Xr services 5 , -.Xr pfctl 8 +.Xr pfctl 8 , +.Xr pflogd 8 .Pp .Pa http://www.obfuscation.org/ipf/ has an extensive filter rule tutorial which for the most part applies to -- cgit v1.2.3
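Review bot: In the @@ -138,10 +138,17 @@ hunk, the added line "+interface. This interfece is monitored by" misspells "interface", and the sentence it starts is missing an article: as written it renders as "monitored by pflogd(8) logging daemon", so add "the" at the end of that line. Two added lines also start a new sentence mid-line ("interface. This ..." and "binary format. The log files ..."); mdoc source should begin each sentence on its own line so the formatter gets sentence spacing right. The path /var/log/pflog is marked up with .Em, where .Pa is the usual macro for a path name. Finally, the hunk drops both "ifconfig pflog0 up" and "tcpdump -n -i pflog0" and documents only reading the saved file with -r. Consider keeping a one-line live example on pflog0 next to the new one, since watching blocked packets as they arrive is the common case when debugging a rule set, and say whether the interface still has to be brought up by hand for pflogd to see anything.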