Date: Fri, 21 Feb 2025 08:11:52 GMT
Message-Id: <202502210811.51L8BqSu077014@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 3c0a0de20ffe - main - pf.conf.5: rephrase log() documentation
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 3c0a0de20ffe9d35a0347ce2d19460e84aac808e
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=3c0a0de20ffe9d35a0347ce2d19460e84aac808e

commit 3c0a0de20ffe9d35a0347ce2d19460e84aac808e
Author:     Kristof Provost
AuthorDate: 2025-02-14 15:11:04 +0000
Commit:     Kristof Provost
CommitDate: 2025-02-21 08:11:03 +0000

    pf.conf.5: rephrase log() documentation

    after some discussion with henning, document the various log options as
    one section; some text was altered to make it read better;

    ok henning

    Obtained from: OpenBSD, jmc , cea6f9db1f
    Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 share/man/man5/pf.conf.5 | 56 ++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 23 deletions(-)

diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 478ce7b956f9..704f43a30f83 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 
@@ -1711,38 +1711,49 @@ If neither nor .Ar out are specified, the rule will match packets in both directions. -.It Ar log -In addition to the action specified, a log message is generated. +.It Ar log Pq Cm all | matches | to Ao Ar interface Ac | Cm user +In addition to any action specified, +log the packet. Only the packet that establishes the state is logged, unless the .Ar no state option is specified. The logged packets are sent to a .Xr pflog 4 -interface, by default -.Ar pflog0 . -This interface is monitored by the +interface, by default pflog0; +pflog0 is monitored by the .Xr pflogd 8 -logging daemon, which dumps the logged packets to the file +logging daemon which logs to the file .Pa /var/log/pflog in .Xr pcap 3 binary format. -.It Ar log (all) -Used to force logging of all packets for a connection. +.Pp +The keywords +.Cm all , matches , to , +and +.Cm user +are all optional, +and can be combined using commas. +.Pp +Use +.Cm all +to force logging of all packets for a connection. This is not necessary when .Ar no state is explicitly specified. -As with -.Ar log , -packets are logged to -.Xr pflog 4 . -.It Ar log (matches) -Log this packet on all subsequent matching rules, using the log settings -given here, in particular to the pflog interface specified here so that -regular pflogs are not clobbered. -.It Ar log (user) -Logs the +.Pp +If +.Cm matches +is specified, +it logs the packet on all subsequent matching rules. +It is often combined with +.Cm to Aq Ar interface +to avoid adding noise to the default log file. +.Pp +The keyword +.Cm user +logs the .Ux user ID of the user that owns the socket and the PID of the process that has the socket open where the packet is sourced from or destined to 
@@ -1753,11 +1764,10 @@ Only the first packet logged via .Ar log (all, user) will have the user credentials logged when using stateful matching. -.It Ar log (to Aq Ar interface ) -Send logs to the specified -.Xr pflog 4 -interface instead of -.Ar pflog0 . +.Pp +To specify a logging interface other than pflog0, +use the syntax +.Cm to Aq Ar interface . .It Ar quick If a packet matches a rule which has the .Ar quick
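Review bot: In the first hunk (@@ -1711), the new "matches" paragraph loses a behaviour the removed text documented: that subsequent matching rules log the packet "using the log settings given here, in particular to the pflog interface specified here". The replacement only says "matches" is "often combined with" "to", which describes a habit rather than the fact that later rules inherit this rule's log settings. I would keep one sentence stating that. Two smaller points in the same hunk: the item tag separates the keywords with "|" as if they were alternatives, while the paragraph below says they "can be combined using commas", so a short combined form in the text would help; and the tag still marks "log" with Ar while the keywords next to it now use Cm.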
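Review bot: In the second hunk (@@ -1753), the new "to" paragraph no longer says that the target has to be a pflog(4) interface: the removed lines carried ".Xr pflog 4", while the added text only speaks of "a logging interface other than pflog0". Suggest wording along the lines of "To log to a pflog(4) interface other than pflog0, use ..." with the Xr kept. Also, the unchanged context line just above still reads ".Ar log (all, user)" although the rewritten text marks these keywords with Cm, and "to" is now explained last even though the item tag lists it before "user" and the "matches" paragraph in the previous hunk already refers to it; moving this paragraph ahead of the "user" one would match the tag order.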