From: Hornet
To: fbsd_user@a1poweruser.com
Cc: freebsd-questions@FreeBSD.ORG
Date: Thu, 7 Jul 2005 20:53:55 -0400
Subject: Re: PF firewall log problems

On 7/7/05, fbsd_user wrote:
> How can I change the default wait time for PF buffer writes to the log file?
> The log records are being held in the buffers for a long time before being
> written out.
> I want to change this to a shorter time.

How are you viewing the data?

Realtime tcpdump
    tcpdump -n -e -ttt -i pflog0
or
Viewing pflog
    tcpdump -n -e -ttt -r /var/log/pflog

Anything written to the tty is going to be a bit slower, of course if you
can "jack into your brain" all would be solved.

> Are there any tools or ports for use on the PF log file to create better
> standardized reports?

I think there is one called hatchet.
Of course you can't beat good old fashion grep, awk, and maybe sed.

> Where can I find a description of the PF log record fields?

http://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4

> Thanks

Erik
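
The grep/awk style of report mentioned in the reply, as an added example that is not part of the original message: a shell function that counts blocked packets per source address and destination port from the text output of `tcpdump -n -e -ttt -r /var/log/pflog`. The line layout (`rule N/N(match): block in on fxp0: src > dst:`), the function names and the sample lines are assumptions constructed for illustration; the layout differs between tcpdump versions, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example (not from the original post). Real use:
#   tcpdump -n -e -ttt -r /var/log/pflog | pflog_blocked_report

# Count blocked packets per source IP and destination port.
# Assumed line layout: ... <action> <dir> on <iface>: <src> > <dst>: ...
pflog_blocked_report() {
    awk '
    {
        # Find "on" followed three fields later by ">"; works with or
        # without a leading timestamp field.
        for (i = 3; i <= NF - 4; i++)
            if ($i == "on" && $(i + 3) == ">") break
        if (i > NF - 4) next              # not a pflog packet line
        if ($(i - 2) != "block") next     # keep blocked traffic only
        src = $(i + 2); dst = $(i + 4)
        sub(/:$/, "", dst)
        # IPv4 with a port prints as a.b.c.d.port (five dotted parts);
        # ICMP and other portless lines get "-" as the port.
        n = split(src, s, ".")
        sip = (n == 5) ? (s[1] "." s[2] "." s[3] "." s[4]) : src
        n = split(dst, d, ".")
        dport = (n == 5) ? d[5] : "-"
        count[sip " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample lines (documentation address ranges), not real log data.
sample_pflog_lines() {
    cat <<'EOF'
000000 rule 0/0(match): block in on fxp0: 203.0.113.7.4312 > 192.0.2.10.22: S 1:1(0) win 65535
004112 rule 0/0(match): block in on fxp0: 203.0.113.7.4313 > 192.0.2.10.22: S 2:2(0) win 65535
120331 rule 3/0(match): pass out on fxp0: 192.0.2.10.51000 > 198.51.100.5.53: udp 32
250090 rule 0/0(match): block in on fxp0: 198.51.100.23.55000 > 192.0.2.10.445: S 3:3(0) win 8192
300417 rule 0/0(match): block in on fxp0: 203.0.113.9 > 192.0.2.10: icmp: echo request
410552 rule 0/0(match): block in on fxp0: 203.0.113.7.4314 > 192.0.2.10.22: S 4:4(0) win 65535
EOF
}

# Run the report on the sample when called as: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    sample_pflog_lines | pflog_blocked_report
fi
```

Each output line is a count, a source address and a destination port, highest count first, so repeated probes against one service sort to the top.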