PF firewall log problems

Hornet hornetmadness at gmail.com
Fri Jul 8 12:23:05 GMT 2005 

I guess I'm failing to see the point of writing to the log faster. If
you need real time stats, use tcpdump -n -e -ttt -i pflog0. If you
want to get say the last 1000 entries in the log and then go to
realtime, use: sudo tcpdump -n -e -tt -c 1000 -r /var/log/pflog & sudo
tcpdump -n -e -ttt -i pflog0

On 7/7/05, fbsd_user <fbsd_user at a1poweruser.com> wrote:
> I am viewing pf log this way
> tcpdump -n -e -ttt -r /var/log/pflog
> 
> Your reference to pflog man page is useless.
> Been there already.
> That gives some field names but not what is in them
> 
> One of the pf mane pages says there is way to shorten buffer write
> cycle time.
> How do tell PF in rc.conf these over ride options??
> 
> 
> 
> -----Original Message-----
> From: Hornet [mailto:hornetmadness at gmail.com]
> Sent: Thursday, July 07, 2005 8:54 PM
> To: fbsd_user at a1poweruser.com
> Cc: freebsd-questions at FreeBSD. ORG
> Subject: Re: PF firewall log problems
> 
> 
> On 7/7/05, fbsd_user <fbsd_user at a1poweruser.com> wrote:
> > How can I change the default wait time for PF buffer writes to the
> log file?
> > The log records are being held in the buffers for a long time
> before being
> > written out.
> > I want to change this to a shorter time.
>  How are you viewing the data?
> 
> Realtime tcpdump
> tcpdump -n -e -ttt -i pflog0
> or
> Viewing pflog
> tcpdump -n -e -ttt -r /var/log/pflog
> 
> Anything written to the tty is going to be a bit slower, of course
> if
> you can "jack into your brain" all would be solved.
> 
> 
> >
> >
> > Are there any tools or ports for use on the PF log file to create
> better
> > standardized reports?
> I think there is one called hatchet. Of course you can't beat good
> old
> fashion grep,awk, and maybe sed
> 
> >
> > Where can I find a description of the PF log record fields?
> http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4
> >
> > Thanks
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> >
> 
> 
> Erik
> 
>

More information about the freebsd-questions mailing list