Date: Thu, 7 Jul 2005 20:53:55 -0400
From: Hornet <hornetmadness@gmail.com>
To: fbsd_user@a1poweruser.com
Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Subject: Re: PF firewall log problems
Message-ID: <f42935a605070717532fdea67@mail.gmail.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGIEGHHIAA.fbsd_user@a1poweruser.com>
References: <MIEPLLIBMLEEABPDBIEGIEGHHIAA.fbsd_user@a1poweruser.com>

On 7/7/05, fbsd_user <fbsd_user@a1poweruser.com> wrote:
> How can I change the default wait time for PF buffer writes to the log file?
> The log records are being held in the buffers for a long time before being
> written out.
> I want to change this to a shorter time.

How are you viewing the data?

Realtime tcpdump

    tcpdump -n -e -ttt -i pflog0

or

Viewing pflog

    tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower, of course if
you can "jack into your brain" all would be solved.

>
>
> Are there any tools or ports for use on the PF log file to create better
> standardized reports?

I think there is one called hatchet.
Of course you can't beat good old fashion grep, awk, and maybe sed

>
> Where can I find a description of the PF log record fields?

http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4

>
> Thanks
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Erik