PF firewall log problems

fbsd_user fbsd_user at a1poweruser.com
Fri Jul 8 01:16:02 GMT 2005


I am viewing pf log this way
tcpdump -n -e -ttt -r /var/log/pflog

Your reference to pflog man page is useless.
Been there already.
That gives some field names but not what is in them

One of the pf man pages says there is a way to shorten buffer write
cycle time.
How do I tell PF in rc.conf these override options?



-----Original Message-----
From: Hornet [mailto:hornetmadness at gmail.com]
Sent: Thursday, July 07, 2005 8:54 PM
To: fbsd_user at a1poweruser.com
Cc: freebsd-questions at FreeBSD.ORG
Subject: Re: PF firewall log problems


On 7/7/05, fbsd_user <fbsd_user at a1poweruser.com> wrote:
> How can I change the default wait time for PF buffer writes to the log file?
> The log records are being held in the buffers for a long time before being
> written out.
> I want to change this to a shorter time.
How are you viewing the data?

Realtime tcpdump
tcpdump -n -e -ttt -i pflog0
or
Viewing pflog
tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower, of course if
you can "jack into your brain" all would be solved.


>
>
> Are there any tools or ports for use on the PF log file to create better
> standardized reports?
I think there is one called hatchet. Of course you can't beat good
old-fashioned grep, awk, and maybe sed.

>
> Where can I find a description of the PF log record fields?
http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4
>
> Thanks
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>


Erik
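
Added example, not part of the thread: one way to build the kind of grep/awk report mentioned above from the text that tcpdump prints for pflog. The sample lines are constructed, and the field layout they follow (time, "rule N/M(match):", action, direction, "on", interface, source, ">", destination) is an assumption about tcpdump's pflog rendering, which differs between versions; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the shape assumed for
# "tcpdump -n -e -ttt -r /var/log/pflog" output (not real traffic).
sample_pflog_lines() {
    cat <<'EOF'
000000 rule 2/0(match): block in on fxp0: 192.0.2.10.4321 > 198.51.100.5.22: S 1:1(0) win 65535
000150 rule 2/0(match): block in on fxp0: 192.0.2.10.4322 > 198.51.100.5.23: S 1:1(0) win 65535
000020 rule 0/0(match): pass out on fxp0: 198.51.100.5.1025 > 203.0.113.7.80: S 1:1(0) win 65535
001200 rule 2/0(match): block in on fxp0: 203.0.113.99 > 198.51.100.5: icmp 64: echo request seq 1
000300 rule 2/0(match): block in on fxp0: 192.0.2.10.4323 > 198.51.100.5.25: S 1:1(0) win 65535
EOF
}

# Read tcpdump text on stdin and print "<count> <source address>" for every
# blocked packet, busiest source first. Passed packets are ignored.
pflog_block_summary() {
    awk '
    {
        # Find the "rule" token instead of assuming a fixed column, so the
        # width of the timestamp does not matter.
        for (i = 1; i + 6 <= NF; i++) {
            if ($i == "rule" && $(i + 2) == "block") {
                src = $(i + 6)
                # With -n an IPv4 TCP/UDP source is a.b.c.d.port; drop the
                # port. ICMP sources have no port and are kept unchanged.
                n = split(src, part, ".")
                if (n == 5)
                    src = part[1] "." part[2] "." part[3] "." part[4]
                count[src]++
                break
            }
        }
    }
    END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a firewall the input would be:
#   tcpdump -n -e -ttt -r /var/log/pflog | pflog_block_summary
sample_pflog_lines | pflog_block_summary
```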


