Date: Wed, 5 Nov 2008 06:27:11 +0100
From: cpghost
To: freebsd-questions@freebsd.org
Subject: Re: Watching /var/log/pflog grow

On Tue, Nov 04, 2008 at 09:22:42PM -0500, Sahil Tandon wrote:
> cpghost wrote:
>
> > How can I watch /var/log/pflog grow with tcpdump, "tail -f" style?
> >
> > This won't work:
> >   $ tail -f /var/log/pflog | tcpdump -n -s 116 -r -
> > because tail doesn't start at the right location.
>
> [...]
>
> > I'm afraid that in the latter case, every packet will be
> >   EITHER logged by pflogd
> >   XOR displayed by tcpdump.
> > Is that so?
> >
> > If yes, /var/log/pflog would be incomplete, because some packets
> > would have been snatched away from pflog0 by tcpdump, before
> > pflogd ever got a chance to read them out.
> >
> > Is there a way to watch /var/log/pflog grow, while
> > still making sure that pflogd logs EVERY packet that appears
> > on the pflog0 interface? How?
>
> According to pflogd(8):
>
>   Display the logs in real time (this does not interfere with the
>   operation of pflogd):
>
>         # tcpdump -n -e -ttt -i pflog0

EOUTOFCAFFEINE

I actually read the man page, but I didn't pay attention to this.
Sorry for the noise and thanks for pointing it out.

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
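
Added example, not part of the original thread and not code from pflogd or tcpdump: a reader that follows a growing pcap file such as /var/log/pflog from its beginning. It shows why `tail -f` fails (the stream it emits lacks the 24-byte pcap file header) and how a follower has to hold back a record that has only been partly written. The function names and the sample capture are constructed for illustration; log rotation is not handled, and records become visible only once the writer has flushed them to the file.

```python
import struct
import time

MAGIC_LE, MAGIC_BE = b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"
GLOBAL_HDR_LEN, RECORD_HDR_LEN = 24, 16

def parse_global_header(buf):
    """Return (endian, snaplen, linktype) from the 24-byte pcap file header."""
    if len(buf) < GLOBAL_HDR_LEN or buf[:4] not in (MAGIC_LE, MAGIC_BE):
        raise ValueError("not at the start of a pcap file")
    endian = "<" if buf[:4] == MAGIC_LE else ">"
    # version major/minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", buf[4:24])
    return endian, snaplen, linktype

def complete_records(buf, endian):
    """Split buf into whole records; return (records, unconsumed tail)."""
    records, off = [], 0
    while off + RECORD_HDR_LEN <= len(buf):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", buf, off)
        end = off + RECORD_HDR_LEN + incl_len
        if end > len(buf):          # writer is mid-record: wait for more bytes
            break
        records.append((ts_sec, ts_usec, orig_len, buf[off + RECORD_HDR_LEN:end]))
        off = end
    return records, buf[off:]

def follow(path, poll=0.5):
    """Yield records from the start of a growing capture file, then keep polling."""
    with open(path, "rb") as f:
        endian, _, _ = parse_global_header(f.read(GLOBAL_HDR_LEN))
        pending = b""
        while True:
            chunk = f.read(65536)
            if not chunk:
                time.sleep(poll)
                continue
            records, pending = complete_records(pending + chunk, endian)
            yield from records

def constructed_sample():
    """Constructed capture: header (snaplen 116, linktype 117 = DLT_PFLOG) + 2 records."""
    hdr = MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 116, 117)
    rec = lambda ts, data: struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return hdr + rec(1225862831, b"\x00" * 60) + rec(1225862832, b"\x01" * 40)

if __name__ == "__main__":
    for ts_sec, ts_usec, orig_len, data in follow("/var/log/pflog"):
        print(ts_sec, ts_usec, orig_len, len(data))
```

This reads only the file, so it never touches the pflog0 interface; the `tcpdump -i pflog0` command quoted from pflogd(8) remains the way to see packets as they are logged.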