Re: tcpdump and viewing
Either you didn't switch logfiles and then kill -HUP the pflogd,
or the file is zero bytes long.
e.g. the second para below...
pflogd [-D] [-d delay] [-f filename] [-s snaplen] [expression]
DESCRIPTION
pflogd is a background daemon which reads packets logged by pf(4) to the packet logging interface pflog0 and writes the packets to a logfile (normally /var/log/pflog) in tcpdump(8) binary format. These logs can be reviewed later using the -r option of tcpdump(8), hopefully offline in case there are bugs in the packet parsing code of tcpdump(8).
pflogd closes and then re-opens the log file when it receives SIGHUP, permitting newsyslog(8) to rotate logfiles automatically. SIGALRM causes pflogd to flush the current logfile buffers to the disk, thus making the most recent logs available. The buffers are also flushed every delay seconds.
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto Tel. 07855 805 271
http://www.devitto.com mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of fringet1
Sent: Sunday, June 01, 2003 8:21 PM
To: misc@openbsd.org
Subject: tcpdump and viewing
I am running OpenBSD 3.3 and I am logging a lot of things on my
firewall. I am trying to follow somewhat the model that they wrote
about on O'Reilly's site and everything dumps fine, but when I run
tcpdump -r on the file I get one of 2 errors: tcpdump: fread: Undefined
error: 0, or tcpdump: pcap_loop: truncated dump file. Anyone have an
idea where that is coming from? Thanks in advance.
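Dom's reply above says the two tcpdump errors come from reading a zero-byte log or a log cut off mid-write (unflushed buffers, or a file rotated without a SIGHUP). The following checker, added here and not part of the thread, walks the tcpdump/pcap record structure and reports whether a file is empty, not a pcap file, truncated at a record boundary, or complete; the sample bytes it builds are constructed in memory, and the link type 117 (DLT_PFLOG) is only used as a label.

```python
import struct
import sys

PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # little/big endian
GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_usec, incl_len, orig_len

def check_pcap(data: bytes) -> str:
    """Classify a pcap byte string by where tcpdump -r would trip over it."""
    if len(data) == 0:
        return "empty"            # pflogd never flushed, or the file was just rotated
    if len(data) < GLOBAL_HDR_LEN:
        return "truncated global header"
    endian = PCAP_MAGIC.get(data[:4])
    if endian is None:
        return "bad magic"        # not a tcpdump/pcap file at all
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:GLOBAL_HDR_LEN])
    off, n = GLOBAL_HDR_LEN, 0
    while off < len(data):
        if len(data) - off < RECORD_HDR_LEN:
            return f"truncated record header after {n} packets"
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + RECORD_HDR_LEN])
        if incl_len > snaplen:
            return f"record {n} longer than snaplen (corrupt)"
        off += RECORD_HDR_LEN
        if len(data) - off < incl_len:
            return f"truncated packet data after {n} packets"  # the pcap_loop error case
        off += incl_len
        n += 1
    return f"ok: {n} packets, linktype {linktype}"

def check_pcap_file(path: str) -> str:
    with open(path, "rb") as fh:
        return check_pcap(fh.read())

def build_pcap(packets, snaplen=96, linktype=117) -> bytes:
    """Construct a little-endian pcap file in memory (test data, not a real pflog)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for ts, payload in packets:
        out += struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    # Usage: python check_pcap.py /var/log/pflog
    print(check_pcap_file(sys.argv[1]))
```

Run it against the rotated log before tcpdump -r; "empty" or a "truncated ..." result means the fix is on the pflogd side (flush with SIGALRM, rotate with SIGHUP), not in tcpdump.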