Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 27 Jan 2017 19:44:03 -0300
From:      Mario Lobo <lobo@bsd.com.br>
To:        Stari Karp <starikarp@yandex.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: pf log
Message-ID:  <20170127194403.6f9b41cc@Papi>
In-Reply-To: <1485545547.5165.1.camel@yandex.com>
References:  <1485539914.4837.6.camel@yandex.com> <a0d0904b-20c1-f4d7-4497-f96934b1cf7f@gmail.com> <1485545547.5165.1.camel@yandex.com>
index | next in thread | previous in thread | raw e-mail 

On Fri, 27 Jan 2017 14:32:27 -0500
Stari Karp <starikarp@yandex.com> wrote:

> On Fri, 2017-01-27 at 12:35 -0600, Noel wrote:
> > On 1/27/2017 11:58 AM, Stari Karp wrote:  
> > > 
> > > Hi!
> > > 
> > > I am using pf firewall on FreeBSD 11.0-RELEASE (amd64). In
> > > /etc/rc.conf
> > > I have:
> > > 
> > > pf_enable="YES"
> > > pflog_enable="YES"
> > > 
> > > I made a new pf.conf on January 8th and in/var/log I have pflog
> > > and after that nothing more. The file has just
> > > "Ôò¡............t...u..."
> > > 
> > > Is it normal or is something wrong, please?
> > >   
> > 
> > That's normal.  The pflog is a binary log (not human readable) you
> > can read with tcpdump.  See the handbook for details.
> > 
> > 
> >   
> tcpdump -v -r /var/log/pflog
> reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog
> file).
> 
> I have nothing in log as I update 10.3 release to FreeBSD-11.0-RELEASE
> 
> I forgot to say that I use FreeBSD as a desktop.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

From "man pflog"

EXAMPLES
     Create a pflog interface and monitor all packets logged on it:

           # ifconfig pflog1 up
           # tcpdump -n -e -ttt -i pflog1

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!]
 
"UNIX was not designed to stop you from doing stupid things, 
because that would also stop you from doing clever things."
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170127194403.6f9b41cc>