MirOS Manual: pflog(4)

PFLOG(4)                   BSD Programmer's Manual                    PFLOG(4)


     pflog - packet filter logging interface


     pseudo-device pflog


     The pflog interface is a pseudo-device which makes visible all packets
     logged by the packet filter, pf(4). Logged packets can easily be
     monitored in real time by invoking tcpdump(8) on the pflog interface, or
     stored to disk using pflogd(8).

     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN. This header documents the address family,
     interface name, rule number, reason, action, and direction of the packet
     that was logged. This structure, defined in <net/if_pflog.h>, looks like:

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };
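
     An added example, not part of the original manual page or of the pf
     sources: a bounds-checked decoder for the header above that reads fields
     by offset from a captured record. The ex_ names, the field sizes, the
     byte order and the payload-offset rule are assumptions, listed in the
     comment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumptions, not stated on this page: IFNAMSIZ and PF_RULESET_NAME_SIZE
 * are 16; sa_family_t is one byte (BSD; two bytes on Linux, so do not cast
 * the struct onto a capture there); rule numbers are in network byte order;
 * the payload starts at the length field rounded up to 4 bytes. */
#define EX_NAMELEN 16
#define EX_MINLEN  45   /* offset of pad[] under the sizes above */

struct ex_pflog {       /* hypothetical decoded record */
    uint8_t  length, af, action, reason, dir;
    char     ifname[EX_NAMELEN + 1], ruleset[EX_NAMELEN + 1];
    uint32_t rulenr, subrulenr;
};

static uint32_t ex_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns the payload offset, or -1 for a truncated or inconsistent header. */
int ex_parse_pflog(const uint8_t *buf, size_t caplen, struct ex_pflog *out)
{
    size_t hdrlen;
    if (caplen < EX_MINLEN || buf[0] < EX_MINLEN)
        return -1;                          /* too short to hold the fields */
    hdrlen = ((size_t)buf[0] + 3) & ~(size_t)3;
    if (hdrlen > caplen)
        return -1;                          /* length field exceeds capture */
    out->length = buf[0]; out->af = buf[1];
    out->action = buf[2]; out->reason = buf[3]; out->dir = buf[44];
    memcpy(out->ifname, buf + 4, EX_NAMELEN);
    memcpy(out->ruleset, buf + 20, EX_NAMELEN);
    out->ifname[EX_NAMELEN] = out->ruleset[EX_NAMELEN] = '\0'; /* force NUL */
    out->rulenr = ex_be32(buf + 36);
    out->subrulenr = ex_be32(buf + 40);
    return (int)hdrlen;
}

int main(void)
{
    uint8_t pkt[52] = { 45, 2, 1, 0, 'e', 'm', '0' };  /* constructed sample */
    struct ex_pflog h;
    pkt[39] = 7; pkt[44] = 1;                          /* rulenr 7, dir 1 */
    if (ex_parse_pflog(pkt, sizeof(pkt), &h) < 0)
        return 1;
    printf("%s rule %u action %u dir %u\n", h.ifname, (unsigned)h.rulenr, (unsigned)h.action, (unsigned)h.dir);
    return 0;
}
```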


           # ifconfig pflog0 up
           # tcpdump -n -e -ttt -i pflog0


     inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8), tcpdump(8)


     The pflog device first appeared in OpenBSD 3.0.

MirOS BSD #10-current         December 10, 2001                              1
