pflog

[Iantcho Vassilev]

On 5/22/06, Albert Shih <shih at math.jussieu.fr> wrote:
>
> Hi all
>
> I want to use pf (actually I use ipfw).
>
> Well after I read the openbsd book, I always don't known how can I log the
> log of pf (with pflog) using syslog and I don't want (if it's possible) to
> write anything in my hard-disk (event it's temporaly, because it's virtual
> disk, I'm running vmware).
>
> Regards.



Hi!

When you write your rules, you put "log" in them..


example:
pass in quick log proto tcp from any to any keep state


then you have to have pflogd started(pflog_enable="YES" in /etc/rc.conf).

When pflog is started your binary log is lcated on /var/log/pflog

you can read it witH:
tcpdump -n -t -r /var/log/pflog

if you want real time(because pflog is where is written with some delay)
tcpdump -n -t -i pflog0