[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pfctl log|log-all

To: "'Dries Schellekens'" <gwyllion@ace.ulyssis.org>
Subject: Re: Pfctl log|log-all
From: "Yacketta, Ronald" <ryacketta@ciber.com>
Date: Tue, 4 Jun 2002 07:40:48 -0400
Cc: Misc@openbsd.org

I have been through the man pages and the .confs etc.
Pflogd is running, pflog0 is up, /var/log/pflog is valid.
I even see a ling in messages about pflog starting when system boots.

I think the rule is not being matched, why? Who knows and it makes no
freaking sense

-Ron

-----Original Message-----
From: Dries Schellekens [mailto:gwyllion@ace.ulyssis.org] 
Sent: Tuesday, June 04, 2002 4:27 AM
To: Yacketta, Ronald
Cc: Misc@openbsd.org
Subject: Re: Pfctl log|log-all

On Mon, 3 Jun 2002, Yacketta, Ronald wrote:

> Folks,
>
> I have the pflog0 device and the /dev/pf device but yet I am not 
> getting any log information in /var/log/pflog when I add the log or 
> log-all flag to any rule in pf.conf
>
> Any ideas why nothing is being logged? I can tcpdump the interface and

> see traffic for that specific port

Try apropos pflog, you'll see pflogd(8) packet filter logging daemon.

Are what about reading the part about logging in pf.conf(5)? LOGGING
     ...
     The logged packets are sent to the pflog0 interface.  This
interface is
     monitored by the pflogd(8) logging daemon which dumps the logged
packets
     to the file /var/log/pflog in tcpdump(8) binary format.
     ...

There are plenty of mans that point to pflogd(8).

# ifconfig pflog0 up
# pflogd

Cheers,

Dries
-- 
Dries Schellekens
email: gwyllion@ulyssis.org

Follow-Ups:
- Re: Pfctl log|log-all
  - From: Dries Schellekens <gwyllion@ace.ulyssis.org>

References:
- Re: Pfctl log|log-all
  - From: Dries Schellekens <gwyllion@ace.ulyssis.org>

Prev by Date: Re: unknown user root
Next by Date: Re: Pfctl log|log-all
Prev by thread: Re: Pfctl log|log-all
Next by thread: Re: Pfctl log|log-all
Index(es):
- Date
- Thread