1.\" $OpenBSD: pflog.4,v 1.7 2004/03/21 19:47:59 miod Exp $ 2.\" $DragonFly: src/share/man/man4/pflog.4,v 1.3 2006/05/26 19:39:39 swildner Exp $ 3.\" 4.\" Copyright (c) 2001 Tobias Weingartner 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26.\" 27.Dd December 10, 2001 28.Dt PFLOG 4 29.Os 30.Sh NAME 31.Nm pflog 32.Nd packet filter logging interface 33.Sh SYNOPSIS 34.Cd "device pflog" 35.Sh DESCRIPTION 36The 37.Nm pflog 38interface is a pseudo-device which makes visible all packets logged by 39the packet filter, 40.Xr pf 4 . 41Logged packets can easily be monitored in real 42time by invoking 43.Xr tcpdump 1 44on the 45.Nm 46interface, or stored to disk using 47.Xr pflogd 8 . 48.Pp 49Each packet retrieved on this interface has a header associated 50with it of length 51.Dv PFLOG_HDRLEN . 52This header documents the address family, interface name, rule 53number, reason, action, and direction of the packet that was logged. 54This structure, defined in 55.In net/pf/if_pflog.h 56looks like 57.Bd -literal -offset indent 58struct pfloghdr { 59 u_int8_t length; 60 sa_family_t af; 61 u_int8_t action; 62 u_int8_t reason; 63 char ifname[IFNAMSIZ]; 64 char ruleset[PF_RULESET_NAME_SIZE]; 65 u_int32_t rulenr; 66 u_int32_t subrulenr; 67 u_int8_t dir; 68 u_int8_t pad[3]; 69}; 70.Ed 71.Sh EXAMPLES 72.Bd -literal -offset indent 73# ifconfig pflog0 up 74# tcpdump -n -e -ttt -i pflog0 75.Ed 76.Sh SEE ALSO 77.Xr tcpdump 1 , 78.Xr inet 4 , 79.Xr inet6 4 , 80.Xr netintro 4 , 81.Xr pf 4 , 82.Xr ifconfig 8 , 83.Xr pflogd 8 84.Sh HISTORY 85The 86.Nm 87device first appeared in 88.Ox 3.0 89and was then integrated into 90.Dx 1.1 91by Devon H. O'Dell and Simon Schubert. 92.\" .Sh BUGS 93.\" Anything here? 94