1.TH ipmon 8
2.SH NAME
3ipmon \- monitors /dev/ipl for logged packets
4.SH SYNOPSIS
5.B ipmon
6[
| 1.TH ipmon 8
2.SH NAME
3ipmon \- monitors /dev/ipl for logged packets
4.SH SYNOPSIS
5.B ipmon
6[
|
7.B \-asfnSN
| 7.B \-aFhnNsStvxX
|
8] [
| 8] [
|
9<filename>
| 9.B "\-f <device>"
10] [
11.B <filename>
|
10]
11.SH DESCRIPTION
12.LP
13\fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from
14the packet filter. The binary data read from the device is reprinted in
15human readable for, however, IP#'s are not mapped back to hostnames, nor are
16ports mapped back to service names. The output goes to standard output by
17default or a filename, if given on the command line. Should the \fB\-s\fP
18option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent
19via syslog have the day, month and year removed from the message, but the
20time (including microseconds), as recorded in the log, is still included.
21.SH OPTIONS
22.TP
| 12]
13.SH DESCRIPTION
14.LP
15\fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from
16the packet filter. The binary data read from the device is reprinted in
17human readable for, however, IP#'s are not mapped back to hostnames, nor are
18ports mapped back to service names. The output goes to standard output by
19default or a filename, if given on the command line. Should the \fB\-s\fP
20option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent
21via syslog have the day, month and year removed from the message, but the
22time (including microseconds), as recorded in the log, is still included.
23.SH OPTIONS
24.TP
|
| 25.B \-a
26Open all of the device logfiles for reading log entries from. All entries
27are displayed to the same output 'device' (stderr or syslog).
28.TP
29.B "\-f <device>"
30specify an alternative device/file from which to read the log information.
31.TP
32.B \-F
33Flush the current packet log buffer. The number of bytes flushed is displayed,
34even should the result be zero.
35.TP
36.B \-n
37IP addresses and port numbers will be mapped, where possible, back into
38hostnames and service names.
39.TP
40.B \-N
41Treat the logfile as being composed of NAT log records.
42.TP
|
23.B \-s
24Packet information read in will be sent through syslogd rather than
25saved to a file. The following levels are used:
26.IP
27.B LOG_INFO
28\- packets logged using the "log" keyword as the action rather
29than pass or block.
30.IP
31.B LOG_NOTICE
32\- packets logged which are also passed
33.IP
34.B LOG_WARNING
35\- packets logged which are also blocked
36.IP
37.B LOG_ERR
38\- packets which have been logged and which can be considered
39"short".
40.TP
| 43.B \-s
44Packet information read in will be sent through syslogd rather than
45saved to a file. The following levels are used:
46.IP
47.B LOG_INFO
48\- packets logged using the "log" keyword as the action rather
49than pass or block.
50.IP
51.B LOG_NOTICE
52\- packets logged which are also passed
53.IP
54.B LOG_WARNING
55\- packets logged which are also blocked
56.IP
57.B LOG_ERR
58\- packets which have been logged and which can be considered
59"short".
60.TP
|
41.B \-a
42Open all of the device logfiles for reading log entries from.
| 61.B \-S
62Treat the logfile as being composed of state log records.
|
43.TP
| 63.TP
|
44.B \-f
45Flush the current packet log buffer. The number of bytes flushed is displayed,
46even should the result be zero.
| 64.B \-t
65read the input file/device in a manner akin to tail(1).
|
47.TP
| 66.TP
|
48.B \-n
49IP addresses and port numbers will be mapped, where possible, back into
50hostnames and service names.
| 67.B \-x
68show the packet data in hex.
|
51.TP
| 69.TP
|
52.B \-N
53Treat the logfile as being composed of NAT log records.
54.TP
55.B \-S
56Treat the logfile as being composed of state log records.
| 70.B \-X
71show the log header record data in hex.
|
57.SH DIAGNOSTICS
58\fBipmon\fP expects data that it reads to be consistant with how it should be
59saved and will abort if it fails an assertion which detects an anomoly in the
60recorded data.
61.SH FILES
62/dev/ipl
63.SH SEE ALSO
64ipf(1), ipfstat(1)
65.SH BUGS
| 72.SH DIAGNOSTICS
73\fBipmon\fP expects data that it reads to be consistant with how it should be
74saved and will abort if it fails an assertion which detects an anomoly in the
75recorded data.
76.SH FILES
77/dev/ipl
78.SH SEE ALSO
79ipf(1), ipfstat(1)
80.SH BUGS
|