ipmon(8)                                                 ipmon(8)


NAME
       ipmon - monitors /dev/ipl for logged packets



SYNOPSIS
       ipmon  [  -aFhnstvxX  ]  [  -o  [NSI]  ] [ -O [NSI] ] [ -N
       <device> ] [ -S <device> ] [ -f <device> ] [ <filename> ]

DESCRIPTION
       ipmon opens /dev/ipl for reading and  awaits  data  to  be
       saved  from  the packet filter.  The binary data read from
       the device is reprinted in human  readable  for,  however,
       IP#'s  are  not  mapped  back  to hostnames, nor are ports
       mapped back to service names.  The output goes to standard
       output  by  default or a filename, if given on the command
       line.  Should the -s option be  used,  output  is  instead
       sent  to  syslogd(8).   Messages  sent via syslog have the
       day, month and year removed from the message, but the time
       (including microseconds), as recorded in the log, is still
       included.

OPTIONS
       -a     Open all of the device  logfiles  for  reading  log
              entries  from.   All  entries  are displayed to the
              same output 'device' (stderr or syslog).

       -f <device>
              specify an alternative device/file  from  which  to
              read  the  log information for normal IP Filter log
              records.

       -F     Flush the current packet log buffer.  The number of
              bytes  flushed is displayed, even should the result
              be zero.

       -N <device>
              Set the logfile to be opened for  reading  NAT  log
              records from to <device>.

       -n     IP addresses and port numbers will be mapped, where
              possible, back into hostnames and service names.

       -N <device>
              Set the logfile to be opened for  reading  NAT  log
              records from to <device>.

       -o     Specify which log files to actually read data from.
              N - NAT logfile, S - State logfile, I -  normal  IP
              Filter  logfile.   The  -a  option is equivalent to
              using -o NSI.

       -O     Specify which log files you do  not  wish  to  read
              from.   This  is  most  sensibly  used with the -a.
              Letters available as paramters to this are the same
              as for -o.



                                                                1





ipmon(8)                                                 ipmon(8)


       -s     Packet  information  read  in  will be sent through
              syslogd rather than saved to a file.  The following
              levels are used:

       -S <device>
              Set  the logfile to be opened for reading state log
              records from to <device>.


                     LOG_INFO
              - packets logged using the  "log"  keyword  as  the
              action rather than pass or block.

              LOG_NOTICE - packets logged which are also passed

              LOG_WARNING - packets logged which are also blocked

              LOG_ERR - packets which have been logged and  which
              can be considered "short".

       -S     Treat  the  logfile  as being composed of state log
              records.

       -t     read the input file/device  in  a  manner  akin  to
              tail(1).

       -x     show the packet data in hex.

       -X     show the log header record data in hex.

DIAGNOSTICS
       ipmon expects data that it reads to be consistent with how
       it should be saved and will abort if it fails an assertion
       which detects an anomaly in the recorded data.

FILES
       /dev/ipl

SEE ALSO
       ipf(8), ipfstat(8)

BUGS















                                                                2