PF firewall log problems

fbsd_user fbsd_user at
Fri Jul 8 01:16:02 GMT 2005

I am viewing pf log this way
tcpdump -n -e -ttt -r /var/log/pflog

Your reference to pflog man page is useless.
Been there already.
That gives some field names but not what is in them

One of the pf man pages says there is a way to shorten buffer write
cycle time.
How do I tell PF in rc.conf these override options?

-----Original Message-----
From: Hornet [mailto:hornetmadness at]
Sent: Thursday, July 07, 2005 8:54 PM
To: fbsd_user at
Cc: freebsd-questions at FreeBSD.ORG
Subject: Re: PF firewall log problems

On 7/7/05, fbsd_user <fbsd_user at> wrote:
> How can I change the default wait time for PF buffer writes to the log file?
> The log records are being held in the buffers for a long time before being
> written out.
> I want to change this to a shorter time.
 How are you viewing the data?

Realtime tcpdump
tcpdump -n -e -ttt -i pflog0
Viewing pflog
tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower, of course
you can "jack into your brain" all would be solved.

> Are there any tools or ports for use on the PF log file to create
> standardized reports?
I think there is one called hatchet. Of course you can't beat good
fashion grep, awk, and maybe sed.

> Where can I find a description of the PF log record fields?
> Thanks