ipfwlog man page on BSDOS

IPFWLOG(8)		  BSD System Manager's Manual		    IPFWLOG(8)

NAME
     ipfwlog - display BSD IP Filter logging

SYNOPSIS
     ipfwlog [-cdknRx] [-b bits] [-l logfile] [-L facility.priority] [-m mask]
	     [-r rcvsize] [-fIiOo] [file]

DESCRIPTION
     The ipfwlog utility displays packets returned from a BSD IP Filter, or
     from file. If file is specified then it should contain packets previously
     stored by ipfwlog using the -R and -l options.

     The options available are:

     -b	     Require the specified user bits be set.  The user bits are
	     specified by a mask in the range of 0x00 - 0xff.

     -c	     Unless -c is specified, IPFW informational messages (such as cir-
	     cuits closing) are not displayed.

     -d	     Run as a daemon; this requires the -l option as well.  The PID of
	     the running process will be stored in /var/run/ipfwlog.pid.

     -k	     Send a SIGHUP to the currently running ipfwlog daemon (started
	     with -d) before doing any logging.	 This is typically used when
	     reading from a raw packet log being generated by an ipfwlog dae-
	     mon to force it to close and reopen the logfile.  This can also
	     be used when rotating log files.  If file is not specified then
	     ipfwlog will exit after sending the SIGHUP.

     -L	     Rather than logging to a file, log to syslog.  The values that
	     facility and priority can take are listed in syslog(3).  Either
	     or both of these may be absent.  Using just ``.''	will use the
	     default priority of notice and the default facility of user.

     -l	     Rather than logging to standard output, log to the file named
	     logfile.

     -m	     Specify the mask to use when checking the user bits.  The mask is
	     in the range of 0x00 - 0xff.

     -n	     Do not do reverse name lookup on IP addresses or port number
	     lookups.

     -R	     Run in raw mode, store the raw packets received for future inter-
	     rogation.

     -r	     Change the receive buffer on the logging socket to rcvsize bytes.

     -x	     When not using raw mode, also display the context of the packet
	     in HEX.

     -f	     Display packets from the forwarding BSD IP Filter.

     -I	     Display packets from the pre-input BSD IP Filter.

     -i	     Display packets from the input BSD IP Filter.

     -O	     Display packets from the pre-output BSD IP Filter.

     -o	     Display packets from the output BSD IP Filter.
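
     The log rotation use of -k described above, as an added example that is
     not part of the original manual page: a POSIX sh function for a daemon
     started with "ipfwlog -d -R -l <rawlog>".  The function name, the IPFWLOG
     variable and all paths are assumptions of this example; only the -d, -R,
     -l, -k and -n options come from this page.

```shell
#!/bin/sh
# Added example, not from the manual page. IPFWLOG lets the binary be
# overridden; it defaults to the ipfwlog found on PATH.
IPFWLOG=${IPFWLOG:-ipfwlog}

# rotate_ipfwlog RAWLOG ARCHIVE_DIR
# e.g. rotate_ipfwlog /var/log/ipfw.raw /var/log/ipfw.old  (constructed paths)
# Prints the path of the archived raw log, or nothing if there was
# nothing to rotate. Runs in a subshell so umask and variables stay local.
rotate_ipfwlog() (
    raw=$1
    archive_dir=$2
    umask 077    # decoded packet logs should not be world-readable

    # A missing or empty raw log needs no rotation.
    [ -s "$raw" ] || exit 0

    stamp=$(date +%Y%m%d%H%M%S)
    rotated=$archive_dir/$(basename "$raw").$stamp
    if [ -e "$rotated" ]; then
        echo "refusing to overwrite $rotated" >&2
        exit 1
    fi

    # Rename only. The daemon keeps writing to the renamed file until it
    # reopens its log, so ARCHIVE_DIR must be on the same filesystem.
    mv "$raw" "$rotated" || exit 1

    # -k sends SIGHUP to the running daemon so it closes and reopens
    # RAWLOG, then the rotated raw packets are decoded to text.
    # -n skips reverse name and port lookups during decoding.
    "$IPFWLOG" -k -n "$rotated" > "$rotated.txt" || exit 1

    echo "$rotated"
)
```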

OUTPUT
     The output format produced by ipfwlog depends on the type of packet being
     logged.  All packets start with the following fields:

     date    The year/month/day the packet was logged.

     time    The hour:minute:second the packet was logged.

     disposition
	     This is a single character field which is one of:

	     <space>
		     An empty space implies this packet was accepted by the
		     filter and is only being reported.

	     !	     The packet was rejected by the filter.

	     c	     This is a control message from the filter.	 For example,
		     a circuit cache has concluded a TCP circuit entry.

     filter  This is a single character field which is appended to the above
	     field.  It may be one of:

	     f	     The forward filter reported this packet.

	     I	     The pre-input filter reported this packet.

	     i	     The input filter reported this packet.

	     O	     The pre-output filter reported this packet.

	     o	     The output filter reported this packet.

     user-code
	     The two byte user code, displayed in hex.	See ipfwcmp(8) for
	     more information on user codes.

     srcaddr
	     The source IP address associated with the packet.

     dstaddr
	     The destination IP address associated with the packet.

     The remaining fields are dependent on the version of IP and the protocol.
     IPv4 packets will have the flag and fragment information displayed.  The
     following 3 flags may be displayed:

     R	     The reserved bit was set; this should not happen.

     D	     The don't fragment bit was set.

     M	     The more fragments bit was set.

     If this packet is not the initial fragment of the packet (the offset
     field is not zero) then frag @ offset will be printed.

     Both UDP and TCP packets will have their source and destination ports
     displayed.	 In addition, TCP will display the TCP flags:

     F	     The FIN bit was set.

     S	     The SYN bit was set.

     R	     The RESET bit was set.

     P	     The PUSH bit was set.

     A	     The ACK bit was set.

     U	     The URGENT bit was set.

     4	     The reserved bit 0x40 was set.

     8	     The reserved bit 0x80 was set.

     ICMP packets will display the type and code of the packet.

     Packets of other protocols display Pprotocol where protocol is the proto-
     col number listed in the IP packet.

     Packets other than IPv4, IPv6, or IPFW control packets are displayed only
     as IPvversion where version is the IP version of the packet.

BUGS
     This program is just slightly better than the "Pooh" variety, having just
     slightly more than very little brain.

SEE ALSO
     ipfw(8)

4th Berkeley Distribution      November 12, 1996			     3