Re: pflogging

On Tue, Mar 18, 2003 at 01:59:31PM -0800, Bryan Irvine wrote:
> Is there a way to pipe only parts of pf to a log file?  Or a different
> log file?
you can filter rule number, for instance:
tcpdump -n -e -ttt -r /var/log/pflog rulenum 73
where 73 is the rule number of the you want to see
you can also define more complex filters, see tcpdump(8) for details.
You can also use the same filtering expressions to direct matched
log packets to a different file by running a different instance of
pflogd -f /var/log/otherlog rulenum 73