MirOS Manual: pflog(4)

PFLOG(4)                   BSD Programmer's Manual                    PFLOG(4)

NAME

     pflog - packet filter logging interface

SYNOPSIS

     pseudo-device pflog

DESCRIPTION

     The pflog interface is a pseudo-device which makes visible all packets
     logged by the packet filter, pf(4). Logged packets can easily be
     monitored in real time by invoking tcpdump(8) on the pflog interface, or
     stored to disk using pflogd(8).

     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN. This header documents the address family,
     interface name, rule number, reason, action, and direction of the packet
     that was logged. This structure, defined in <net/if_pflog.h>, looks like:

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };
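     The following decoder is an added example, not code from the MirOS or OpenBSD source: it reads the header fields by offset from a captured frame, rejects frames shorter than the header, and always terminates the fixed-size name fields. The `ex_` names are hypothetical, and the 16-byte name sizes, one-byte sa_family_t and big-endian rule numbers are assumptions not stated on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumptions, not stated on this page: IFNAMSIZ and PF_RULESET_NAME_SIZE
 * are 16 bytes, sa_family_t is one byte, rule numbers are big-endian. */
#define EX_NAMESZ 16
#define EX_HDRLEN 48            /* sizeof(struct pfloghdr) under those sizes */

struct ex_pflog_info {
	uint8_t  af, action, reason, dir;
	char     ifname[EX_NAMESZ + 1];   /* one extra byte: always terminated */
	char     ruleset[EX_NAMESZ + 1];
	uint32_t rulenr, subrulenr;
};

/* Read a 32-bit big-endian value without relying on alignment. */
static uint32_t ex_be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	    ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode one header; returns 0, or -1 if the frame cannot hold it. */
int ex_pflog_parse(const unsigned char *buf, size_t len,
    struct ex_pflog_info *out)
{
	if (buf == NULL || out == NULL || len < EX_HDRLEN)
		return -1;
	memset(out, 0, sizeof(*out));
	out->af = buf[1];
	out->action = buf[2];
	out->reason = buf[3];
	memcpy(out->ifname, buf + 4, EX_NAMESZ);    /* memset left the NUL */
	memcpy(out->ruleset, buf + 20, EX_NAMESZ);
	out->rulenr = ex_be32(buf + 36);
	out->subrulenr = ex_be32(buf + 40);
	out->dir = buf[44];
	return 0;
}

/* Constructed sample: rule 7, interface name filling all 16 bytes with no
 * NUL. Parses the first `len` bytes of it into ex_demo. */
struct ex_pflog_info ex_demo;
int ex_parse_sample(size_t len)
{
	unsigned char buf[EX_HDRLEN] = { 45, 2, 1 };  /* length, af, action */
	memset(buf + 4, 'x', EX_NAMESZ);
	buf[39] = 7;                                  /* low byte of rulenr */
	buf[44] = 1;                                  /* dir */
	return ex_pflog_parse(buf, len, &ex_demo);
}
```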

EXAMPLES

           # ifconfig pflog0 up
           # tcpdump -n -e -ttt -i pflog0

SEE ALSO

     inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8), tcpdump(8)

HISTORY

     The pflog device first appeared in OpenBSD 3.0.

MirOS BSD #10-current         December 10, 2001                              1
