From owner-freebsd-questions@FreeBSD.ORG Fri Jul 8 12:23:05 2005
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 74E2A16A41C for ; Fri, 8 Jul 2005 12:23:05 +0000 (GMT) (envelope-from hornetmadness@gmail.com)
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id E880D43D45 for ; Fri, 8 Jul 2005 12:23:04 +0000 (GMT) (envelope-from hornetmadness@gmail.com)
Received: by rproxy.gmail.com with SMTP id 34so118894rns for ; Fri, 08 Jul 2005 05:23:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=tgNjEZ4BawmaQ6mwWleHr1jqiPJa45JLc8WL04R2AfhXvKXm9Mo9ThqojDCKWSuvNq1bR9+Rp0qpSU7ouTqzLQCbUOiVL5DrWBAcFNisaa+o8jgG3EBUZ8hjZfIiv+rZ8q2h1ZD7kHRyVyCq/LoA2uI0lNkmEmtOJCp1IVmhLuc=
Received: by 10.38.195.4 with SMTP id s4mr5175929rnf; Fri, 08 Jul 2005 05:23:04 -0700 (PDT)
Received: by 10.38.8.44 with HTTP; Fri, 8 Jul 2005 05:23:04 -0700 (PDT)
Message-ID:
Date: Fri, 8 Jul 2005 08:23:04 -0400
From: Hornet
To: fbsd_user@a1poweruser.com
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References:
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: PF firewall log problems
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Hornet
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 08 Jul 2005 12:23:05 -0000

I guess I'm failing to see the point of writing to the log faster.
If you need real-time stats, use tcpdump -n -e -ttt -i pflog0.

If you want to get, say, the last 1000 entries in the log and then go
to real time, use:
sudo tcpdump -n -e -tt -c 1000 -r /var/log/pflog & sudo tcpdump -n -e -ttt -i pflog0

On 7/7/05, fbsd_user wrote:
> I am viewing the pf log this way
> tcpdump -n -e -ttt -r /var/log/pflog
>
> Your reference to the pflog man page is useless.
> Been there already.
> That gives some field names but not what is in them.
>
> One of the pf man pages says there is a way to shorten the buffer write
> cycle time.
> How do I tell PF in rc.conf these override options??
>
>
>
> -----Original Message-----
> From: Hornet [mailto:hornetmadness@gmail.com]
> Sent: Thursday, July 07, 2005 8:54 PM
> To: fbsd_user@a1poweruser.com
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: PF firewall log problems
>
>
> On 7/7/05, fbsd_user wrote:
> > How can I change the default wait time for PF buffer writes to the
> > log file?
> > The log records are being held in the buffers for a long time
> > before being written out.
> > I want to change this to a shorter time.
> How are you viewing the data?
>
> Real-time tcpdump:
> tcpdump -n -e -ttt -i pflog0
> or
> Viewing pflog:
> tcpdump -n -e -ttt -r /var/log/pflog
>
> Anything written to the tty is going to be a bit slower; of course,
> if you can "jack into your brain" all would be solved.
>
>
> >
> >
> > Are there any tools or ports for use on the PF log file to create
> > better standardized reports?
> I think there is one called hatchet. Of course you can't beat good
> old-fashioned grep, awk, and maybe sed.
>
> >
> > Where can I find a description of the PF log record fields?
> http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4
> >
> > Thanks
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
>
>
> Erik
>
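The thread settles on reading pflog through tcpdump and then post-processing it with grep/awk/sed rather than waiting for a "report" tool. As an added example, not code from either poster, here is what that post-processing looks like in practice: a small awk pass over the decoded tcpdump lines that counts blocked connection attempts per source address and destination port, which is the kind of standardized report fbsd_user asked about. The function name `summarize_pflog` is mine, and the line layout it parses (a -ttt delta, then `rule N/M(match): block in on IFACE: SRC.PORT > DST.PORT: ...`, as `tcpdump -n -e -ttt` prints for pflog) is an assumption from the commands in the thread, not something tcpdump guarantees across versions. It also assumes IPv4 addresses, so the port is the last dot-separated component. The sample lines are constructed, not real captures.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread.
# Count blocked connection attempts per (source IP, destination port)
# from pflog lines already decoded by tcpdump, e.g.:
#   tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog   # from the file
#   tcpdump -n -e -ttt -i pflog0         | summarize_pflog   # live
# Assumed (not guaranteed by tcpdump/pflog) line shape:
#   <delta> rule N/M(match): block in on em0: SRC.PORT > DST.PORT: ...
# IPv4 assumption: the port is the last dot-separated component.

summarize_pflog() {
    awk '
    /\(match\): block / {
        # Find the "src > dst" separator by field, so a -ttt delta,
        # a -tt epoch stamp or a full timestamp in front all work.
        for (i = 2; i < NF; i++) {
            if ($i == ">") {
                src = $(i - 1)
                dst = $(i + 1)
                sub(/:$/, "", dst)                 # drop trailing colon
                n = split(src, s, ".")             # s[n] is the source port
                srcip = substr(src, 1, length(src) - length(s[n]) - 1)
                m = split(dst, d, ".")             # d[m] is the destination port
                count[srcip " " d[m]]++
                break
            }
        }
    }
    END {
        for (k in count) print count[k], k
    }' | sort -rn
}

# Constructed sample input in the assumed format (not a real capture):
# three SSH probes from 10.0.0.5, one SMB probe from 10.0.0.9, one passed
# HTTP connection that must not be counted.
SAMPLE_PFLOG='000000 rule 0/0(match): block in on em0: 10.0.0.5.41234 > 192.168.1.10.22: S 1:1(0) win 65535
000512 rule 0/0(match): block in on em0: 10.0.0.5.41235 > 192.168.1.10.22: S 1:1(0) win 65535
000007 rule 2/0(match): pass in on em0: 10.0.0.7.5555 > 192.168.1.10.80: S 1:1(0) win 65535
001000 rule 0/0(match): block in on em0: 10.0.0.5.41236 > 192.168.1.10.22: S 1:1(0) win 65535
000300 rule 0/0(match): block in on em0: 10.0.0.9.2000 > 192.168.1.10.445: S 1:1(0) win 65535'

# Expected output:
#   3 10.0.0.5 22
#   1 10.0.0.9 445
printf '%s\n' "$SAMPLE_PFLOG" | summarize_pflog
```

Only `block` entries are counted, so passed traffic never inflates the report; to summarize by interface or rule number instead, key the `count` array on `$i` of the `on IFACE:` field or on the `rule N/M` token rather than on address and port.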