On SunScreen, the log contains network traffic that arrives on multiple link-layer interfaces, interspersed in time. For this reason, it is important to record the interface on which each packet was received. The interface is recorded by the name of its Solaris device (for example, le0 or elx0).
For snoop, the interface being monitored is specified as a command-line option; this information is not retained in the snoop-produced capture file, so a snoop capture carries no per-packet interface name.
Additionally, the SunScreen packet Screen can be configured to log network traffic for a variety of reasons: packets that were passed successfully, packets that failed to match any rule, packets that arrived after their session state expired, and so forth. The reason is recorded as an unsigned integer, commonly referred to as the why code. (See Appendix D, "Error Messages," for the complete table of these reasons under "Logged Packet Reasons.")
logdump displays both of these extended items (interface and why code) and allows filtering on them.
To restrict log events based on interface, the logiface operator is provided. It takes as its argument the name (or a name prefix) of the desired interface; the name is compared in a case-insensitive manner. For example, to restrict log events to network traffic arriving on any qe network device, you would type:
% ... logiface qe ... |
To restrict log events based on the reason a packet was logged, the logwhy operator is provided. It takes as its argument the number of a reason code as described above. For example, to restrict log events to network traffic that was passed and logged, you would type:
% ... logwhy 1 ... |
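The following Python is an added example, not SunScreen or logdump code, that models the matching rules of the two operators described above (logiface: case-insensitive name-or-prefix match on the Solaris device name; logwhy: exact match on the unsigned why code) over a constructed in-memory log, so the effect of a prefix such as qe can be checked against concrete records. The record layout, the sample records, the clause grammar (clauses ANDed, with an optional explicit and and a not prefix) and every why code other than 1 are assumptions made for illustration; only code 1 (passed and logged) comes from the text.

```python
# Added example (not SunScreen/logdump code): toy model of the logiface and
# logwhy filter operators over a constructed in-memory log.
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class LogRecord:
    iface: str   # Solaris device name the packet arrived on (e.g. "qe0", "le0")
    why: int     # unsigned why code; 1 = passed and logged (per the text)
    note: str    # free-form description, constructed for this example


# Constructed sample log; not output from a real Screen.
SAMPLE_LOG: List[LogRecord] = [
    LogRecord("qe0", 1, "passed"),
    LogRecord("QE1", 1, "passed; upper-case name to exercise case folding"),
    LogRecord("le0", 1, "passed"),
    LogRecord("elx0", 2, "hypothetical non-pass reason (code 2 is assumed)"),
    LogRecord("qe2", 3, "hypothetical non-pass reason (code 3 is assumed)"),
]

Predicate = Callable[[LogRecord], bool]


def logiface(name: str) -> Predicate:
    """logiface NAME: interface name equals NAME or starts with it, ignoring case."""
    prefix = name.lower()
    return lambda r: r.iface.lower().startswith(prefix)


def logwhy(code: str) -> Predicate:
    """logwhy N: why code equals the unsigned integer N."""
    if not code.isdigit():
        raise ValueError(f"logwhy expects an unsigned integer, got {code!r}")
    wanted = int(code)
    return lambda r: r.why == wanted


OPERATORS = {"logiface": logiface, "logwhy": logwhy}


def negated(pred: Predicate) -> Predicate:
    return lambda r: not pred(r)


def build_filter(tokens: List[str]) -> Predicate:
    """Parse tokens such as ["logiface", "qe", "and", "not", "logwhy", "1"].

    Assumed grammar (a small subset of snoop-style filter syntax): clauses are
    ANDed, an explicit "and" between clauses is accepted, and "not" negates the
    clause that follows it. An empty token list matches every record.
    """
    preds: List[Predicate] = []
    i = 0
    while i < len(tokens):
        if tokens[i] == "and":
            i += 1
            continue
        negate = tokens[i] == "not"
        if negate:
            i += 1
        if i + 1 >= len(tokens) or tokens[i] not in OPERATORS:
            raise ValueError(f"bad clause at token {i}: {tokens[i:]}")
        pred = OPERATORS[tokens[i]](tokens[i + 1])
        preds.append(negated(pred) if negate else pred)
        i += 2
    return lambda r: all(p(r) for p in preds)


def run_filter(tokens: List[str], log: List[LogRecord]) -> List[str]:
    """Return the interface names of records matching the filter, in log order."""
    keep = build_filter(tokens)
    return [r.iface for r in log if keep(r)]


if __name__ == "__main__":
    print(run_filter(["logiface", "qe"], SAMPLE_LOG))
    print(run_filter(["logwhy", "1"], SAMPLE_LOG))
    print(run_filter(["logiface", "qe", "and", "logwhy", "1"], SAMPLE_LOG))
    print(run_filter(["logiface", "e"], SAMPLE_LOG))  # prefix semantics: elx0 only
```

Because logiface matches on a prefix, a short argument such as e selects elx0 and any other device whose name begins with e but not le0; give the full device-class prefix (qe, le, elx) when you want one driver's interfaces, and the full name (qe0) when you want exactly one.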