1997-01-05 16:06:38 +03:00
|
|
|
.TH ipmon 8
|
|
|
|
|
.SH NAME
|
|
|
|
|
ipmon \- monitors /dev/ipl for logged packets
|
|
|
|
|
.SH SYNOPSIS
|
|
|
|
|
.B ipmon
|
|
|
|
|
[
|
1997-09-21 20:47:50 +04:00
|
|
|
.B \-aFhnNsStvxX
|
1997-01-05 16:06:38 +03:00
|
|
|
] [
|
1997-09-21 20:47:50 +04:00
|
|
|
.B "\-f <device>"
|
|
|
|
|
] [
|
|
|
|
|
.B <filename>
|
1997-01-05 16:06:38 +03:00
|
|
|
]
|
|
|
|
|
.SH DESCRIPTION
|
|
|
|
|
.LP
|
|
|
|
|
\fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from
|
|
|
|
|
the packet filter. The binary data read from the device is reprinted in
|
|
|
|
|
human readable for, however, IP#'s are not mapped back to hostnames, nor are
|
|
|
|
|
ports mapped back to service names. The output goes to standard output by
|
|
|
|
|
default or a filename, if given on the command line. Should the \fB\-s\fP
|
|
|
|
|
option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent
|
|
|
|
|
via syslog have the day, month and year removed from the message, but the
|
|
|
|
|
time (including microseconds), as recorded in the log, is still included.
|
|
|
|
|
.SH OPTIONS
|
|
|
|
|
.TP
|
1997-09-21 20:47:50 +04:00
|
|
|
.B \-a
|
|
|
|
|
Open all of the device logfiles for reading log entries from. All entries
|
|
|
|
|
are displayed to the same output 'device' (stderr or syslog).
|
|
|
|
|
.TP
|
|
|
|
|
.B "\-f <device>"
|
|
|
|
|
specify an alternative device/file from which to read the log information.
|
|
|
|
|
.TP
|
|
|
|
|
.B \-F
|
|
|
|
|
Flush the current packet log buffer. The number of bytes flushed is displayed,
|
|
|
|
|
even should the result be zero.
|
|
|
|
|
.TP
|
|
|
|
|
.B \-n
|
|
|
|
|
IP addresses and port numbers will be mapped, where possible, back into
|
|
|
|
|
hostnames and service names.
|
|
|
|
|
.TP
|
|
|
|
|
.B \-N
|
|
|
|
|
Treat the logfile as being composed of NAT log records.
|
|
|
|
|
.TP
|
1997-01-05 16:06:38 +03:00
|
|
|
.B \-s
|
|
|
|
|
Packet information read in will be sent through syslogd rather than
|
|
|
|
|
saved to a file. The following levels are used:
|
|
|
|
|
.IP
|
|
|
|
|
.B LOG_INFO
|
|
|
|
|
\- packets logged using the "log" keyword as the action rather
|
|
|
|
|
than pass or block.
|
|
|
|
|
.IP
|
|
|
|
|
.B LOG_NOTICE
|
|
|
|
|
\- packets logged which are also passed
|
|
|
|
|
.IP
|
|
|
|
|
.B LOG_WARNING
|
|
|
|
|
\- packets logged which are also blocked
|
|
|
|
|
.IP
|
|
|
|
|
.B LOG_ERR
|
|
|
|
|
\- packets which have been logged and which can be considered
|
|
|
|
|
"short".
|
|
|
|
|
.TP
|
1997-09-21 20:47:50 +04:00
|
|
|
.B \-S
|
|
|
|
|
Treat the logfile as being composed of state log records.
|
1997-05-28 02:16:47 +04:00
|
|
|
.TP
|
1997-09-21 20:47:50 +04:00
|
|
|
.B \-t
|
|
|
|
|
read the input file/device in a manner akin to tail(1).
|
1997-01-05 16:06:38 +03:00
|
|
|
.TP
|
1997-09-21 20:47:50 +04:00
|
|
|
.B \-x
|
|
|
|
|
show the packet data in hex.
|
1997-05-28 02:16:47 +04:00
|
|
|
.TP
|
1997-09-21 20:47:50 +04:00
|
|
|
.B \-X
|
|
|
|
|
show the log header record data in hex.
|
1997-01-05 16:06:38 +03:00
|
|
|
.SH DIAGNOSTICS
|
|
|
|
|
\fBipmon\fP expects data that it reads to be consistant with how it should be
|
|
|
|
|
saved and will abort if it fails an assertion which detects an anomoly in the
|
|
|
|
|
recorded data.
|
|
|
|
|
.SH FILES
|
|
|
|
|
/dev/ipl
|
|
|
|
|
.SH SEE ALSO
|
1997-11-24 00:05:38 +03:00
|
|
|
ipf(8), ipfstat(8)
|
1997-01-05 16:06:38 +03:00
|
|
|
.SH BUGS
|
