PFLOG(4) BSD Programmer's Manual PFLOG(4)
pflog - packet filter logging interface
pseudo-device pflog
The pflog interface is a pseudo-device which makes visible all packets
logged by the packet filter, pf(4). Logged packets can easily be monitored
in real time by invoking tcpdump(8) on the pflog interface, or
stored to disk using pflogd(8).
Each packet retrieved on this interface has a header associated with it
of length PFLOG_HDRLEN. This header documents the address family, interface
name, rule number, reason, action, and direction of the packet that
was logged. This structure, defined in <net/if_pflog.h>, looks like:
      struct pfloghdr {
              u_int8_t        length;
              sa_family_t     af;
              u_int8_t        action;
              u_int8_t        reason;
              char            ifname[IFNAMSIZ];
              char            ruleset[PF_RULESET_NAME_SIZE];
              u_int32_t       rulenr;
              u_int32_t       subrulenr;
              u_int8_t        dir;
              u_int8_t        pad[3];
      };
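A log analyzer that reads these records from a capture file should treat them as untrusted input. The following decoder for the header above is an added example, not code from this manual page or from the pf sources; the `ex_` names, the 16-byte name fields, the one-byte sa_family_t, the resulting 48-byte header and the network byte order of the rule numbers are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions, not from the page: IFNAMSIZ and PF_RULESET_NAME_SIZE are 16,
 * sa_family_t is one byte (BSD), rule numbers are in network byte order. */
#define EX_NAMELEN      16
#define EX_PFLOG_HDRLEN 48              /* 4 + 16 + 16 + 4 + 4 + 1 + 3 */

struct ex_pflog {                       /* decoded, host-order copy */
    uint8_t  length, af, action, reason, dir;
    char     ifname[EX_NAMELEN], ruleset[EX_NAMELEN];
    uint32_t rulenr, subrulenr;
};

static uint32_t ex_be32(const uint8_t *p)   /* alignment-safe big-endian read */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode the header of one captured record. Returns the offset of the logged
 * packet (EX_PFLOG_HDRLEN), or -1 if the record cannot hold this layout. */
int ex_pflog_parse(const uint8_t *buf, size_t caplen, struct ex_pflog *out)
{
    if (buf == NULL || out == NULL || caplen < EX_PFLOG_HDRLEN)
        return -1;                      /* truncated capture */
    if (buf[0] > EX_PFLOG_HDRLEN)
        return -1;                      /* length field does not fit this struct */
    out->length = buf[0];  out->af = buf[1];
    out->action = buf[2];  out->reason = buf[3];
    memcpy(out->ifname, buf + 4, EX_NAMELEN);
    memcpy(out->ruleset, buf + 20, EX_NAMELEN);
    out->ifname[EX_NAMELEN - 1] = '\0'; /* do not trust in-record termination */
    out->ruleset[EX_NAMELEN - 1] = '\0';
    out->rulenr = ex_be32(buf + 36);
    out->subrulenr = ex_be32(buf + 40);
    out->dir = buf[44];
    return EX_PFLOG_HDRLEN;
}

int main(void)
{
    uint8_t rec[EX_PFLOG_HDRLEN] = { 45, 2, 1, 0, 'e', 'm', '0' }; /* constructed */
    struct ex_pflog h;
    if (ex_pflog_parse(rec, sizeof rec, &h) < 0) return 1;
    printf("%s rule %u\n", h.ifname, (unsigned)h.rulenr);
    return 0;
}
```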
# ifconfig pflog0 up
# tcpdump -n -e -ttt -i pflog0
inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8), tcpdump(8)
The pflog device first appeared in OpenBSD 3.0.
MirOS BSD #10-current December 10, 2001