You should create a separate log file to record Solaris IP Filter data. Refer to How to Set Up a Log File for Solaris IP Filter.
Assume a role that includes the IP Filter Management rights profile, or become superuser.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
View the state, NAT, or normal log files. To view a log file, type the following command, using the appropriate option:
# ipmon -o [S|N|I] filename |
Displays the state log file.
Displays the NAT log file.
Displays the normal IP log file.
To view all state, NAT, and normal log files, use all the options:
# ipmon -o SNI filename |
Provided that you have manually stopped the ipmon daemon first, you can also use the following command to display state, NAT, and Solaris IP filter log files:
# ipmon -a filename |
Do not use the ipmon -a syntax if the ipmon daemon is still running. Normally, the daemon is automatically started during system boot. Issuing the ipmon -a command also opens another copy of ipmon. In such a case, both copies read the same log information, and only one gets a particular log message.
For more information about viewing log files, see the ipmon(1M) man page.
The following example shows the output from /var/ipmon.log.
# ipmon -o SNI /var/ipmon.log 02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 129.146.157.145 PR icmp len 20 84 icmp echo/0 IN |
or
# pkill ipmon # ipmon -aD /var/ipmon.log 02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 129.146.157.145 PR icmp len 20 84 icmp echo/0 IN |