From owner-freebsd-questions@FreeBSD.ORG  Mon May 22 13:59:05 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9C20316A5B1
	for <freebsd-questions@freebsd.org>;
	Mon, 22 May 2006 13:59:05 +0000 (UTC)
	(envelope-from ianchov@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 66B4043D55
	for <freebsd-questions@freebsd.org>;
	Mon, 22 May 2006 13:59:04 +0000 (GMT)
	(envelope-from ianchov@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m3so1346159uge
	for <freebsd-questions@freebsd.org>;
	Mon, 22 May 2006 06:59:03 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
	b=qkLkYyOXUcIlnLi0c7ZItuXdsf776YqfykW+1vjfKBMb2Wmt0QoHYY0nb6c+Swk3oH5iihxsRSp8QFtbeSUHfbkHxdDO66D9X7S/RipiHrjMUYUVssDkfXKXEMSRbSscGMCg3MV+Wia2PXDfEN9WTwjAtM7kLzfiTPYxCF1rQmY=
Received: by 10.78.57.11 with SMTP id f11mr1104852hua;
	Mon, 22 May 2006 06:59:03 -0700 (PDT)
Received: by 10.78.16.16 with HTTP; Mon, 22 May 2006 06:59:02 -0700 (PDT)
Message-ID: <18e02bd30605220659m10680b26hf1342958157e2f57@mail.gmail.com>
Date: Mon, 22 May 2006 16:59:02 +0300
From: "Iantcho Vassilev" <ianchov@gmail.com>
To: "FreeBSD Mailing List" <freebsd-questions@freebsd.org>
In-Reply-To: <20060522131634.GW29183@math.jussieu.fr>
MIME-Version: 1.0
References: <20060522131634.GW29183@math.jussieu.fr>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: pflog
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2006 13:59:09 -0000

On 5/22/06, Albert Shih <shih@math.jussieu.fr> wrote:
>
> Hi all
>
> I want to use pf (actually I use ipfw).
>
> Well after I read the openbsd book, I always don't known how can I log the
> log of pf (with pflog) using syslog and I don't want (if it's possible) to
> write anything in my hard-disk (event it's temporaly, because it's virtual
> disk, I'm running vmware).
>
> Regards.



Hi!

When you write your rules, you put "log" in them..


example:
pass in quick log proto tcp from any to any keep state


then you have to have pflogd started(pflog_enable="YES" in /etc/rc.conf).

When pflog is started your binary log is lcated on /var/log/pflog

you can read it witH:
tcpdump -n -t -r /var/log/pflog

if you want real time(because pflog is where is written with some delay)
tcpdump -n -t -i pflog0