Trying to see pf's logs using tcpdump
Christopher Nehren
apeiron at comcast.net
Sat Aug 28 15:53:19 PDT 2004
On Sat, Aug 28, 2004 at 18:10:28 EDT, Erik U. scribbled these
curious markings:
> I installed pf from the ports, configured and ran it.
> I just get this error when trying to watch pf's logs:
>
> [root at nat] ~ $ tcpdump -n -e -ttt -r /var/log/pflog
You're running the 5.2.1-RELEASE tcpdump which doesn't know anything about PF
log files. The PF port comes with its own version of tcpdump, aptly named
pftcpdump. If you read the documentation, you'd know this.
> Why can't they just put the logs in text not in some damn binary..
Probably because the data in question *is* binary. I suggest you read
byteorder(3) and better familiarise yourself with the way TCP/IP networks
function before asking such questions. Furthermore, the file format
itself is documented in pcap(3).
If any of this bewilders, confuses, or surprises you, it may not be wise
for you to use a 5.x release of FreeBSD.
--
I abhor a system designed for the "user", if that word is a coded
pejorative meaning "stupid and unsophisticated". -- Ken Thompson
-
Unix is user friendly. However, it isn't idiot friendly.
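As an added example, not from the post and not code from the pf or tcpdump projects, the following Python reads a pflog pcap file directly, to show concretely what "the data is binary" means and roughly what pftcpdump does on the reader's behalf. It assumes the 48-byte pfloghdr layout of the pf port of that era (length, af, action, reason, ifname, ruleset, rulenr, subrulenr, dir) and the PF_* constant values given in the comments; later pflog versions add fields, which is why the header is skipped by its length byte rather than by a fixed size. The pcap global and record headers are in the writer's native byte order (detected from the magic), while the rule numbers and IP addresses are in network order, which is the byteorder(3) point the reply makes. The input file is constructed inside the script.

```python
"""Minimal reader for a pflog(4) pcap file (DLT_PFLOG). Added example;
the pfloghdr layout and constant values below are assumptions."""
import socket
import struct

DLT_PFLOG = 117  # pcap link type for pflog frames

# Assumed pfloghdr (48 bytes): u8 length; u8 af; u8 action; u8 reason;
# char ifname[16]; char ruleset[16]; u32 rulenr; u32 subrulenr; u8 dir; pad[3]
PFLOG_FMT = "!BBBB16s16sIIB3x"
PFLOG_FIXED_LEN = struct.calcsize(PFLOG_FMT)

ACTIONS = {0: "pass", 1: "block", 2: "scrub"}       # PF_PASS, PF_DROP, PF_SCRUB (assumed)
DIRS = {0: "inout", 1: "in", 2: "out"}              # PF_INOUT, PF_IN, PF_OUT (assumed)
REASONS = {0: "match", 1: "bad-offset", 2: "fragment", 3: "short",
           4: "normalize", 5: "memory"}             # PFRES_* (assumed)
AF_INET_BSD = 2


def _align4(n):
    # pflog pads its header to a 4-byte boundary (BPF_WORDALIGN)
    return (n + 3) & ~3


def parse_pflog_record(frame):
    """Decode one DLT_PFLOG frame: pflog header followed by the IP packet."""
    if len(frame) < PFLOG_FIXED_LEN:
        raise ValueError("truncated pflog header")
    (length, af, action, reason, ifname, ruleset,
     rulenr, subrulenr, direction) = struct.unpack(PFLOG_FMT, frame[:PFLOG_FIXED_LEN])
    hdrlen = _align4(length)
    if hdrlen < PFLOG_FIXED_LEN or hdrlen > len(frame):
        raise ValueError("bad pflog header length %d" % length)
    rec = {
        "action": ACTIONS.get(action, "unknown(%d)" % action),
        "reason": REASONS.get(reason, "unknown(%d)" % reason),
        "dir": DIRS.get(direction, "unknown(%d)" % direction),
        "ifname": ifname.split(b"\0", 1)[0].decode("ascii", "replace"),
        "ruleset": ruleset.split(b"\0", 1)[0].decode("ascii", "replace"),
        "rulenr": rulenr, "subrulenr": subrulenr, "af": af,
    }
    pkt = frame[hdrlen:]                      # skip header using its length byte
    if af == AF_INET_BSD and len(pkt) >= 20:  # minimal IPv4 decode
        ihl = (pkt[0] & 0x0F) * 4
        rec["proto"] = pkt[9]
        rec["src"] = socket.inet_ntoa(pkt[12:16])
        rec["dst"] = socket.inet_ntoa(pkt[16:20])
        if rec["proto"] in (6, 17) and len(pkt) >= ihl + 4:   # TCP/UDP ports
            rec["sport"], rec["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return rec


def read_pflog_pcap(buf):
    """Yield decoded records from a pcap buffer, honouring the file's byte order."""
    if len(buf) < 24:
        raise ValueError("truncated pcap header")
    if buf[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"          # written on a little-endian host
    elif buf[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"          # written on a big-endian host
    else:
        raise ValueError("not a pcap file")
    _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack(e + "HHiIII", buf[4:24])
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG" % linktype)
    off = 24
    while off + 16 <= len(buf):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(e + "IIII", buf[off:off + 16])
        off += 16
        frame = buf[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record")
        off += incl_len
        rec = parse_pflog_record(frame)
        rec["ts"] = ts_sec + ts_usec / 1e6
        yield rec


def build_sample_pcap():
    """Constructed sample file: one blocked inbound TCP SYN on fxp0 by rule 3."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("192.168.1.1"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 0x02, 8192, 0, 0)
    pfhdr = struct.pack(PFLOG_FMT, PFLOG_FIXED_LEN, AF_INET_BSD, 1, 0,
                        b"fxp0", b"", 3, 0xFFFFFFFF, 1)
    frame = pfhdr + ip + tcp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, DLT_PFLOG)
    rhdr = struct.pack("<IIII", 1093733628, 0, len(frame), len(frame))
    return ghdr + rhdr + frame


if __name__ == "__main__":
    for r in read_pflog_pcap(build_sample_pcap()):
        print(r)
```

Point `read_pflog_pcap()` at the bytes of a real /var/log/pflog to try it on live data; if the pf version on the box uses a longer pflog header, the length byte still places the packet correctly, but the field offsets after `subrulenr` would need updating to that version's struct.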