Date: Thu, 7 Jul 2005 21:16:00 -0400
From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "Hornet" <hornetmadness@gmail.com>
Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Subject: RE: PF firewall log problems
Message-ID: <MIEPLLIBMLEEABPDBIEGEEGKHIAA.fbsd_user@a1poweruser.com>
In-Reply-To: <f42935a605070717532fdea67@mail.gmail.com>

I am viewing pf log this way:

tcpdump -n -e -ttt -r /var/log/pflog

Your reference to pflog man page is useless. Been there already.
That gives some field names but not what is in them.

One of the pf man pages says there is a way to shorten buffer write cycle time.
How do I tell PF in rc.conf these override options??

-----Original Message-----
From: Hornet [mailto:hornetmadness@gmail.com]
Sent: Thursday, July 07, 2005 8:54 PM
To: fbsd_user@a1poweruser.com
Cc: freebsd-questions@FreeBSD. ORG
Subject: Re: PF firewall log problems

On 7/7/05, fbsd_user <fbsd_user@a1poweruser.com> wrote:
> How can I change the default wait time for PF buffer writes to the log file?
> The log records are being held in the buffers for a long time before being
> written out.
> I want to change this to a shorter time.

How are you viewing the data?
Realtime tcpdump
tcpdump -n -e -ttt -i pflog0
or
Viewing pflog
tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower, of course if
you can "jack into your brain" all would be solved.

>
>
> Are there any tools or ports for use on the PF log file to create better
> standardized reports?

I think there is one called hatchet. Of course you can't beat good old
fashion grep, awk, and maybe sed

>
> Where can I find a description of the PF log record fields?

http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4

>
> Thanks
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> Erik
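
The grep/awk style of report mentioned in the thread, as an added example that is not part of either poster's message: it counts entries per action, direction, interface and host pair from the text that tcpdump prints for a pflog file. The line layout shown in the comments and the sample lines are assumptions constructed for illustration; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count pf log entries per action/direction/interface/host pair.
# ASSUMPTION: each line of `tcpdump -n -e -ttt -r /var/log/pflog` output reads
#   <time> rule N/REASON: ACTION DIR on IFACE: SRC[.PORT] > DST[.PORT]: ...
# The prefix differs between tcpdump versions; check yours before relying on it.

# Constructed sample input (documentation addresses, not real traffic).
sample_pflog() {
    cat <<'EOF'
00:00:00.000000 rule 0/0(match): block in on fxp0: 192.0.2.10.4431 > 198.51.100.5.22: S 1:1(0) win 65535
00:00:01.204113 rule 0/0(match): block in on fxp0: 192.0.2.10.4432 > 198.51.100.5.22: S 7:7(0) win 65535
00:00:00.530020 rule 3/0(match): pass out on fxp0: 198.51.100.5.51234 > 203.0.113.9.53: 4242+ A? example.org. (29)
00:00:02.000312 rule 0/0(match): block in on fxp0: 192.0.2.77 > 198.51.100.5: icmp: echo request
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
EOF
}

pflog_summary() {
    awk '
    # Drop the trailing ":" and, for IPv4 addr.port (5 dotted parts), the port.
    function host(a,    n, p) {
        sub(/:$/, "", a)
        n = split(a, p, ".")
        return (n == 5) ? p[1] "." p[2] "." p[3] "." p[4] : a
    }
    {
        on = 0; gt = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "on" && !on) on = i
            if ($i == ">"  && !gt) gt = i
        }
        # Ignore lines without the "ACTION DIR on IFACE:" prefix and a SRC > DST pair.
        if (on < 3 || gt <= on + 1 || gt >= NF) next
        iface = $(on + 1); sub(/:$/, "", iface)
        count[$(on - 2) " " $(on - 1) " " iface " " host($(gt - 1)) " -> " host($(gt + 1))]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the sample; on a real host: tcpdump -n -e -ttt -r /var/log/pflog | pflog_summary
sample_pflog | pflog_summary
```

Lines that do not match the assumed layout are silently ignored, so an empty report on real data usually means the prefix printed by the local tcpdump differs from the one assumed here.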