Re: PF firewall log problems
I guess I'm failing to see the point of writing to the log faster. If you need real-time stats, use:

    tcpdump -n -e -ttt -i pflog0

If you want to get, say, the last 1000 entries in the log and then go to real time, use:

    sudo tcpdump -n -e -tt -c 1000 -r /var/log/pflog
    sudo tcpdump -n -e -ttt -i pflog0

On 7/7/05, fbsd_user [EMAIL PROTECTED] wrote:
> I am viewing pf log this way
>
>     tcpdump -n -e -ttt -r /var/log/pflog
>
> Your reference to pflog man page is useless. Been there already. That gives some field names but not what is in them.
>
> One of the pf man pages says there is a way to shorten buffer write cycle time. How do I tell PF in rc.conf these override options??
>
> -----Original Message-----
> From: Hornet [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 07, 2005 8:54 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED] ORG
> Subject: Re: PF firewall log problems
>
> On 7/7/05, fbsd_user [EMAIL PROTECTED] wrote:
> > How can I change the default wait time for PF buffer writes to the log file? The log records are being held in the buffers for a long time before being written out. I want to change this to a shorter time.
>
> How are you viewing the data?
>
> Realtime tcpdump
>     tcpdump -n -e -ttt -i pflog0
> or
> Viewing pflog
>     tcpdump -n -e -ttt -r /var/log/pflog
>
> Anything written to the tty is going to be a bit slower; of course, if you can jack into your brain all would be solved.
>
> > Are there any tools or ports for use on the PF log file to create better standardized reports?
>
> I think there is one called hatchet. Of course you can't beat good old-fashioned grep, awk, and maybe sed.
>
> > Where can I find a description of the PF log record fields?
>
> http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4
>
> > Thanks
>
> Erik
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to [EMAIL PROTECTED]
PF firewall log problems
How can I change the default wait time for PF buffer writes to the log file? The log records are being held in the buffers for a long time before being written out. I want to change this to a shorter time.

Are there any tools or ports for use on the PF log file to create better standardized reports?

Where can I find a description of the PF log record fields?

Thanks
Re: PF firewall log problems
On 7/7/05, fbsd_user [EMAIL PROTECTED] wrote:
> How can I change the default wait time for PF buffer writes to the log file? The log records are being held in the buffers for a long time before being written out. I want to change this to a shorter time.

How are you viewing the data?

Realtime tcpdump
    tcpdump -n -e -ttt -i pflog0
or
Viewing pflog
    tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower; of course, if you can jack into your brain all would be solved.

> Are there any tools or ports for use on the PF log file to create better standardized reports?

I think there is one called hatchet. Of course you can't beat good old-fashioned grep, awk, and maybe sed.

> Where can I find a description of the PF log record fields?

http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4

> Thanks

Erik
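The grep/awk style of report mentioned in the message above, as an added example that is not part of the original thread: it reads the text that `tcpdump -n -e` prints for pflog data and counts records per action, direction, interface, rule number and IPv4 source. The line layout in the comment and the sample lines are assumptions constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise tcpdump's text rendering of pflog records.
# Assumed line layout (tcpdump -n -e on pflog data, IPv4 only):
#   <time> rule <nr>/<sub>(<reason>): <action> <dir> on <if>: <src> > <dst>: ...

# Constructed sample lines (not taken from a real firewall).
sample_pflog() {
cat <<'EOF'
000000 rule 3/0(match): block in on em0: 203.0.113.7.51234 > 192.0.2.1.22: S 1:1(0) win 65535
000412 rule 3/0(match): block in on em0: 203.0.113.7.51235 > 192.0.2.1.23: S 1:1(0) win 65535
001938 rule 5/0(match): pass out on em0: 192.0.2.1.40000 > 198.51.100.9.53: 4660+ A? example.org. (29)
000077 rule 3/0(match): block in on em0: 198.51.100.44 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
002201 rule 3/0(match): block in on em0: 203.0.113.7.51236 > 192.0.2.1.25: S 1:1(0) win 65535
EOF
}

# Read tcpdump text on stdin; print "count action dir iface rule src-ip",
# most frequent first.
pflog_report() {
  awk '
    {
      # Locate the "rule" token so any timestamp style (-t, -tt, -ttt) works.
      r = 0
      for (i = 1; i <= NF; i++) if ($i == "rule") { r = i; break }
      if (r == 0 || $(r + 4) != "on") next      # not a pflog line, skip it
      rule = $(r + 1); sub(/\/.*/, "", rule)    # "3/0(match):" -> "3"
      iface = $(r + 5); sub(/:$/, "", iface)    # "em0:" -> "em0"
      src = $(r + 6)
      # IPv4 with a port prints as a.b.c.d.port; drop the port.
      # Portless protocols such as ICMP print the bare address.
      if (split(src, p, ".") == 5) src = p[1] "." p[2] "." p[3] "." p[4]
      n[$(r + 2) " " $(r + 3) " " iface " " rule " " src]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# On a live system, feed it the command from the thread instead:
#   tcpdump -n -e -ttt -r /var/log/pflog | pflog_report
sample_pflog | pflog_report
```
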
RE: PF firewall log problems
I am viewing pf log this way

    tcpdump -n -e -ttt -r /var/log/pflog

Your reference to pflog man page is useless. Been there already. That gives some field names but not what is in them.

One of the pf man pages says there is a way to shorten buffer write cycle time. How do I tell PF in rc.conf these override options??

-----Original Message-----
From: Hornet [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 07, 2005 8:54 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ORG
Subject: Re: PF firewall log problems

On 7/7/05, fbsd_user [EMAIL PROTECTED] wrote:
> How can I change the default wait time for PF buffer writes to the log file? The log records are being held in the buffers for a long time before being written out. I want to change this to a shorter time.

How are you viewing the data?

Realtime tcpdump
    tcpdump -n -e -ttt -i pflog0
or
Viewing pflog
    tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower; of course, if you can jack into your brain all would be solved.

> Are there any tools or ports for use on the PF log file to create better standardized reports?

I think there is one called hatchet. Of course you can't beat good old-fashioned grep, awk, and maybe sed.

> Where can I find a description of the PF log record fields?

http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4

> Thanks

Erik