PF firewall log problems

Hornet hornetmadness at gmail.com
Fri Jul 8 00:53:57 GMT 2005


On 7/7/05, fbsd_user <fbsd_user at a1poweruser.com> wrote:
> How can I change the default wait time for PF buffer writes to the log file?
> The log records are being held in the buffers for a long time before being
> written out.
> I want to change this to a shorter time.
How are you viewing the data?

Realtime tcpdump
tcpdump -n -e -ttt -i pflog0
or
Viewing pflog
tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower. Of course, if
you can "jack into your brain", all would be solved.


> 
> 
> Are there any tools or ports for use on the PF log file to create better
> standardized reports?
I think there is one called hatchet. Of course, you can't beat good
old-fashioned grep, awk, and maybe sed.

> 
> Where can I find a description of the PF log record fields?
http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4
> 
> Thanks


Erik
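
Added example, not part of the original message: one way to build the kind of awk report mentioned above from the text that `tcpdump -n -e -ttt -r /var/log/pflog` prints, counting blocked packets per source address. The function names, the sample lines and the assumed line shape (`rule N/M(match): <action> <dir> on <if>: <src> > <dst>:`) are constructed for illustration; tcpdump output differs between versions, so check it against your own log first.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n -e -ttt -r /var/log/pflog` text output.
# Assumed shape: <ts> rule N/M(match): <action> <dir> on <if>: <src> > <dst>: ...
pf_sample_log() {
cat <<'EOF'
000000 rule 3/0(match): block in on fxp0: 203.0.113.7.4821 > 192.0.2.10.22: S 100:100(0) win 65535
004210 rule 3/0(match): block in on fxp0: 203.0.113.7.4822 > 192.0.2.10.23: S 200:200(0) win 65535
010377 rule 1/0(match): pass in on fxp0: 198.51.100.4.51515 > 192.0.2.10.80: S 300:300(0) win 65535
020001 rule 3/0(match): block in on fxp0: 198.51.100.9 > 192.0.2.10: icmp: echo request
030500 rule 3/0(match): block in on fxp0: 203.0.113.7.4823 > 192.0.2.10.22: S 400:400(0) win 65535
EOF
}

# Read tcpdump text on stdin and print "<count> <source address>" for
# blocked packets, busiest source first.
pf_block_report() {
    awk '
    # Strip a trailing colon and the port, if one is present.
    function host(a,   n, p) {
        sub(/:$/, "", a)
        n = split(a, p, ".")
        if (a ~ /:/) { if (n == 2) sub(/\.[0-9]+$/, "", a) }  # IPv6 addr.port
        else if (n == 5) sub(/\.[0-9]+$/, "", a)              # IPv4 addr.port
        return a
    }
    {
        # Scan for tokens instead of fixed columns: the timestamp width varies.
        act = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "rule" && i + 2 <= NF) act = $(i + 2)
            if ($i == ">" && i > 1) { src = $(i - 1); break }
        }
        # ICMP lines carry no port, so host() leaves them untouched.
        if (act == "block" && src != "") hits[host(src)]++
    }
    END { for (h in hits) printf "%d %s\n", hits[h], h }
    ' | sort -k1,1nr -k2,2
}

# Live use: tcpdump -n -e -ttt -r /var/log/pflog | pf_block_report
pf_sample_log | pf_block_report
```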

