1.TH ipmon 8 2.SH NAME 3ipmon \- monitors /dev/ipl for logged packets 4.SH SYNOPSIS 5.B ipmon 6[
| 1.TH ipmon 8 2.SH NAME 3ipmon \- monitors /dev/ipl for logged packets 4.SH SYNOPSIS 5.B ipmon 6[
|
7.B \-asfnSN
| 7.B \-aFhnNsStvxX
|
8] [
| 8] [
|
9<filename>
| 9.B "\-f <device>" 10] [ 11.B <filename>
|
10] 11.SH DESCRIPTION 12.LP 13\fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from 14the packet filter. The binary data read from the device is reprinted in 15human readable for, however, IP#'s are not mapped back to hostnames, nor are 16ports mapped back to service names. The output goes to standard output by 17default or a filename, if given on the command line. Should the \fB\-s\fP 18option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent 19via syslog have the day, month and year removed from the message, but the 20time (including microseconds), as recorded in the log, is still included. 21.SH OPTIONS 22.TP
| 12] 13.SH DESCRIPTION 14.LP 15\fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from 16the packet filter. The binary data read from the device is reprinted in 17human readable for, however, IP#'s are not mapped back to hostnames, nor are 18ports mapped back to service names. The output goes to standard output by 19default or a filename, if given on the command line. Should the \fB\-s\fP 20option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent 21via syslog have the day, month and year removed from the message, but the 22time (including microseconds), as recorded in the log, is still included. 23.SH OPTIONS 24.TP
|
| 25.B \-a 26Open all of the device logfiles for reading log entries from. All entries 27are displayed to the same output 'device' (stderr or syslog). 28.TP 29.B "\-f <device>" 30specify an alternative device/file from which to read the log information. 31.TP 32.B \-F 33Flush the current packet log buffer. The number of bytes flushed is displayed, 34even should the result be zero. 35.TP 36.B \-n 37IP addresses and port numbers will be mapped, where possible, back into 38hostnames and service names. 39.TP 40.B \-N 41Treat the logfile as being composed of NAT log records. 42.TP
|
23.B \-s 24Packet information read in will be sent through syslogd rather than 25saved to a file. The following levels are used: 26.IP 27.B LOG_INFO 28\- packets logged using the "log" keyword as the action rather 29than pass or block. 30.IP 31.B LOG_NOTICE 32\- packets logged which are also passed 33.IP 34.B LOG_WARNING 35\- packets logged which are also blocked 36.IP 37.B LOG_ERR 38\- packets which have been logged and which can be considered 39"short". 40.TP
| 43.B \-s 44Packet information read in will be sent through syslogd rather than 45saved to a file. The following levels are used: 46.IP 47.B LOG_INFO 48\- packets logged using the "log" keyword as the action rather 49than pass or block. 50.IP 51.B LOG_NOTICE 52\- packets logged which are also passed 53.IP 54.B LOG_WARNING 55\- packets logged which are also blocked 56.IP 57.B LOG_ERR 58\- packets which have been logged and which can be considered 59"short". 60.TP
|
41.B \-a 42Open all of the device logfiles for reading log entries from.
| 61.B \-S 62Treat the logfile as being composed of state log records.
|
43.TP
| 63.TP
|
44.B \-f 45Flush the current packet log buffer. The number of bytes flushed is displayed, 46even should the result be zero.
| 64.B \-t 65read the input file/device in a manner akin to tail(1).
|
47.TP
| 66.TP
|
48.B \-n 49IP addresses and port numbers will be mapped, where possible, back into 50hostnames and service names.
| 67.B \-x 68show the packet data in hex.
|
51.TP
| 69.TP
|
52.B \-N 53Treat the logfile as being composed of NAT log records. 54.TP 55.B \-S 56Treat the logfile as being composed of state log records.
| 70.B \-X 71show the log header record data in hex.
|
57.SH DIAGNOSTICS 58\fBipmon\fP expects data that it reads to be consistant with how it should be 59saved and will abort if it fails an assertion which detects an anomoly in the 60recorded data. 61.SH FILES 62/dev/ipl 63.SH SEE ALSO 64ipf(1), ipfstat(1) 65.SH BUGS
| 72.SH DIAGNOSTICS 73\fBipmon\fP expects data that it reads to be consistant with how it should be 74saved and will abort if it fails an assertion which detects an anomoly in the 75recorded data. 76.SH FILES 77/dev/ipl 78.SH SEE ALSO 79ipf(1), ipfstat(1) 80.SH BUGS
|
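Review bot: In the SYNOPSIS, the new flag list `-aFhnNsStvxX` advertises `-h` and `-v`, but the OPTIONS section in the new revision has no entry for either one. Add a `.TP` entry for each of them, or drop them from the synopsis until they are documented. The synopsis also sets the placeholder `<filename>` in bold with `.B`, which makes it read as a literal; an argument placeholder would normally not be bold.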
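Review bot: In the OPTIONS section, `-f` changes meaning without any note for existing users: the old page has `-f` as "Flush the current packet log buffer", while the new page makes `-f <device>` select the input device and moves the flush to `-F`. An invocation written for the old behaviour would now treat its next argument as a device name, so the `-f` or `-F` entry should say that the flush option was renamed. In the same hunk, the new `-a` text says entries go to "the same output 'device' (stderr or syslog)", which conflicts with the DESCRIPTION's "The output goes to standard output by default"; one of the two needs correcting.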
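Review bot: The new `-t`, `-x` and `-X` entries start in lower case ("read the input file/device...", "show the packet data in hex.") while the neighbouring entries start with a capital, and the `-x` entry does not say whether the hex dump is also sent to syslog when `-s` is given. State that explicitly, since it determines where raw packet contents end up. FILES still lists only `/dev/ipl` although `-a` now reads "all of the device logfiles" and `-N` and `-S` refer to NAT and state logs, so the other devices should be listed there. The unchanged DESCRIPTION and DIAGNOSTICS text also carries "human readable for", "consistant" and "anomoly" into the new revision; these could be fixed in the same change.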