Date: Fri, 8 Jul 2005 08:23:04 -0400
From: Hornet <hornetmadness@gmail.com>
To: fbsd_user@a1poweruser.com
Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Subject: Re: PF firewall log problems
Message-ID: <f42935a6050708052323696ac2@mail.gmail.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGEEGKHIAA.fbsd_user@a1poweruser.com>
References: <f42935a605070717532fdea67@mail.gmail.com> <MIEPLLIBMLEEABPDBIEGEEGKHIAA.fbsd_user@a1poweruser.com>
I guess I'm failing to see the point of writing to the log faster. If
you need real time stats, use tcpdump -n -e -ttt -i pflog0.

If you want to get, say, the last 1000 entries in the log and then go to
realtime, use:

sudo tcpdump -n -e -tt -c 1000 -r /var/log/pflog & sudo tcpdump -n -e -ttt -i pflog0

On 7/7/05, fbsd_user <fbsd_user@a1poweruser.com> wrote:
> I am viewing pf log this way
> tcpdump -n -e -ttt -r /var/log/pflog
>
> Your reference to pflog man page is useless.
> Been there already.
> That gives some field names but not what is in them.
>
> One of the pf man pages says there is a way to shorten the buffer write
> cycle time.
> How do I tell PF in rc.conf these override options??
>
> -----Original Message-----
> From: Hornet [mailto:hornetmadness@gmail.com]
> Sent: Thursday, July 07, 2005 8:54 PM
> To: fbsd_user@a1poweruser.com
> Cc: freebsd-questions@FreeBSD. ORG
> Subject: Re: PF firewall log problems
>
> On 7/7/05, fbsd_user <fbsd_user@a1poweruser.com> wrote:
> > How can I change the default wait time for PF buffer writes to the
> > log file?
> > The log records are being held in the buffers for a long time
> > before being written out.
> > I want to change this to a shorter time.
> How are you viewing the data?
>
> Realtime tcpdump
> tcpdump -n -e -ttt -i pflog0
> or
> Viewing pflog
> tcpdump -n -e -ttt -r /var/log/pflog
>
> Anything written to the tty is going to be a bit slower; of course,
> if you can "jack into your brain" all would be solved.
>
> > Are there any tools or ports for use on the PF log file to create
> > better standardized reports?
> I think there is one called hatchet. Of course you can't beat good
> old-fashioned grep, awk, and maybe sed.
>
> > Where can I find a description of the PF log record fields?
> http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4
>
> > Thanks
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
>
> Erik
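The thread's answer to "standardized reports" is grep, awk and sed over what tcpdump prints. The script below is an added example, written by the editor and not by either poster: it parses the pflog header that `tcpdump -n -e -ttt -r /var/log/pflog` renders at the start of each line (the `rule N/(match) block in on em0:` prefix; that layout is assumed from tcpdump's pflog printer and may differ between tcpdump versions) and counts blocked packets per rule and per source address. The log lines are constructed for illustration, not captured from a real host.

```python
import re
from collections import Counter

# Constructed sample of what `tcpdump -n -e -ttt -r /var/log/pflog` prints.
# The "rule N/(match) ACTION DIR on IFACE:" prefix is the assumed pflog
# header rendering; the remainder is tcpdump's usual packet summary.
SAMPLE_LOG = """\
00:00:00.000000 rule 3/(match) block in on em0: 203.0.113.7.54321 > 192.0.2.10.22: S 1:1(0) win 512
00:00:00.120000 rule 3/(match) block in on em0: 203.0.113.7.54322 > 192.0.2.10.23: S 1:1(0) win 512
00:00:01.004000 rule 0/(match) pass in on em0: 198.51.100.4.40000 > 192.0.2.10.80: S 1:1(0) win 65535
00:00:00.300000 rule 5/(match) block in on em0: 203.0.113.9.1024 > 192.0.2.10.445: S 1:1(0) win 1024
00:00:00.000500 rule 3/(match) block in on em0: 203.0.113.7.54323 > 192.0.2.10.25: S 1:1(0) win 512
this line carries no pflog header and must be skipped
"""

# Assumed header layout: delta, rule number, action, direction, interface, src > dst
PFLOG_RE = re.compile(
    r"^(?P<delta>\S+) rule (?P<rule>\d+)/\(match\) (?P<action>pass|block) "
    r"(?P<dir>in|out) on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+):"
)

def split_addr(tok):
    """With -n, tcpdump joins IPv4 address and port with a dot (a.b.c.d.port);
    ICMP lines carry no port, so only split when five dotted fields are present."""
    if tok.count(".") == 4:
        ip, port = tok.rsplit(".", 1)
        return ip, port
    return tok, None

def parse_line(line):
    """Return the pflog header fields of one tcpdump line, or None when the
    line does not start with the pflog header (truncated or unrelated output)."""
    m = PFLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src_ip"], rec["src_port"] = split_addr(rec["src"])
    rec["dst_ip"], rec["dst_port"] = split_addr(rec["dst"])
    return rec

def summarize(text):
    """Count blocked packets per PF rule number and per source address,
    ignoring passed packets and lines that do not parse."""
    by_rule, by_src = Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "block":
            by_rule[int(rec["rule"])] += 1
            by_src[rec["src_ip"]] += 1
    return by_rule, by_src
```

Run it on real output by piping `tcpdump -n -e -ttt -r /var/log/pflog` into `summarize(sys.stdin.read())`; the per-rule counts map straight back to the rule numbers in pf.conf.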