pflog(4)
NAME
pflog - packet filter logging interface
SYNOPSIS
device pflog
DESCRIPTION
The pflog interface is a pseudo-device which makes visible all packets logged by the packet filter, pf(4). Logged packets can easily be monitored in real time by invoking tcpdump(1) on the pflog interface, or stored to disk using pflogd(8).

Each packet retrieved on this interface has a header associated with it of length PFLOG_HDRLEN. This header documents the address family, interface name, rule number, reason, action, and direction of the packet that was logged. This structure, defined in <net/if_pflog.h>, looks like:
struct pfloghdr {
        u_int8_t        length;
        sa_family_t     af;
        u_int8_t        action;
        u_int8_t        reason;
        char            ifname[IFNAMSIZ];
        char            ruleset[PF_RULESET_NAME_SIZE];
        u_int32_t       rulenr;
        u_int32_t       subrulenr;
        u_int8_t        dir;
        u_int8_t        pad[3];
};
EXAMPLES
# ifconfig pflog0 up
# tcpdump -n -e -ttt -i pflog0
SEE ALSO
tcpdump(1), inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8)
HISTORY
The pflog device first appeared in OpenBSD 3.0.
BSD December 10, 2001