NAME    [Toc]    [Back]

     pflog - packet filter logging interface

SYNOPSIS    [Toc]    [Back]

     pseudo-device pflog

DESCRIPTION    [Toc]    [Back]

     The pflog interface is a pseudo-device which  makes  visible
all packets
     logged by the packet filter, pf(4).  Logged packets can easily be monitored
 in real time by invoking tcpdump(8) on the  pflog  interface, or
     stored to disk using pflogd(8).

     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN.  This header documents  the  address
family, interface
 name, rule number, reason, action, and direction of the
packet that
     was logged.  This  structure,  defined  in  <net/if_pflog.h>
looks like

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };

EXAMPLES    [Toc]    [Back]

           # ifconfig pflog0 up
           # tcpdump -n -e -ttt -i pflog0

SEE ALSO    [Toc]    [Back]

     inet(4),   inet6(4),   netintro(4),   pf(4),    ifconfig(8),
pflogd(8), tcpdump(8)

HISTORY    [Toc]    [Back]

     The pflog device first appeared in OpenBSD 3.0.

OpenBSD      3.6                        December     10,     2001