MirBSD manpage: pflog(4)

PFLOG(4)                   BSD Programmer's Manual                    PFLOG(4)

NAME

     pflog - packet filter logging interface

SYNOPSIS

     pseudo-device pflog

DESCRIPTION

     The pflog interface is a pseudo-device which makes visible all packets
     logged by the packet filter, pf(4). Logged packets can easily be moni-
     tored in real time by invoking tcpdump(8) on the pflog interface, or
     stored to disk using pflogd(8).

     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN. This header documents the address family, inter-
     face name, rule number, reason, action, and direction of the packet that
     was logged. This structure, defined in <net/if_pflog.h> looks like

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };

EXAMPLES

           # ifconfig pflog0 up
           # tcpdump -n -e -ttt -i pflog0

SEE ALSO

     inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8), tcpdump(8)

HISTORY

     The pflog device first appeared in OpenBSD 3.0.

MirBSD #10-current            December 10, 2001                              1

Generated on 2021-12-07 11:07:08 by $MirOS: src/scripts/roff2htm,v 1.103 2021/01/23 20:24:35 tg Exp $ — This product includes material provided by mirabilos.

These manual pages and other documentation are copyrighted by their respective writers; their sources are available at the project’s CVSweb, AnonCVS and other mirrors. The rest is Copyright © 2002–2021 MirBSD.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report — diffs preferred.