On SunScreen, a single log holds network traffic received on multiple link-layer interfaces, with the records from those interfaces interleaved in time. For this reason, each record also notes the interface on which the traffic was received. The interface is identified by the name of its Solaris device (for example, le0 or elx0).
For snoop, the interface being monitored is specified as a command-line option. This information is not retained in the snoop-produced capture file.
Additionally, you can configure the packet Screen to log network traffic for a variety of reasons, such as packets that passed successfully, those that failed to match rules, those that arrived after session state expired, and so forth. This reason is recorded as an unsigned integer, commonly referred to as the why code. (See Appendix D, Error Messages for a complete table of these reasons.)
logdump displays these extended items and allows filtering on them, as shown in TABLE 11-3.

Table 11-3 Extended Items for logdump

| Extended Item | Description |
|---|---|
| logiface interface | Restricts log events to those received on a given interface. It takes as its argument the name (or name prefix) of the desired interface. The name is compared case-insensitively. For example, to restrict log events to network traffic arriving on any qe network device, you would type logiface qe. |
| logwhy # | Restricts log events to those logged for a given reason. It takes as its argument a number representing one of the reason (why) codes described above. For example, to restrict log events to network traffic that was passed and logged, you would type logwhy 1. |
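The following is an added illustration of the logiface and logwhy filter semantics described above; it is not logdump's own code or SunScreen's log format. The record layout, the sample log entries and the non-1 why-code values are constructed here for the example, and only why code 1 ("passed and logged") carries the meaning given on this page.

```python
"""Illustrative re-implementation of the logiface / logwhy filter semantics.

Added example, not SunScreen's logdump source. The LogRecord layout and the
SAMPLE_LOG entries are constructed for this demonstration.
"""

from dataclasses import dataclass
from typing import Iterable, List, Optional

# The only why code whose meaning this page gives: packet passed and was logged.
WHY_PASSED_LOGGED = 1


@dataclass(frozen=True)
class LogRecord:
    """Minimal stand-in for one logged packet (constructed, not the real format)."""
    interface: str   # Solaris device name the packet arrived on, e.g. "qe0"
    why: int         # unsigned reason code (the "why code")
    summary: str     # free-text description of the packet


def logiface_matches(record_iface: str, wanted: str) -> bool:
    """logiface semantics: the argument is an interface name or name prefix,
    compared case-insensitively. 'qe' matches 'qe0' and 'QE1' but not 'le0',
    and 'le' does not match 'elx0' because matching is on the prefix only."""
    return record_iface.lower().startswith(wanted.lower())


def logwhy_matches(record_why: int, wanted: int) -> bool:
    """logwhy semantics: exact equality on the unsigned why code."""
    if wanted < 0:
        raise ValueError("why code is an unsigned integer")
    return record_why == wanted


def filter_log(records: Iterable[LogRecord],
               iface: Optional[str] = None,
               why: Optional[int] = None) -> List[LogRecord]:
    """Apply logiface and/or logwhy to a sequence of records.
    When both are given, a record must satisfy both to be kept."""
    kept = []
    for rec in records:
        if iface is not None and not logiface_matches(rec.interface, iface):
            continue
        if why is not None and not logwhy_matches(rec.why, why):
            continue
        kept.append(rec)
    return kept


# Constructed sample log. Why codes other than 1 are placeholder values
# chosen for the example; consult Appendix D for the real code table.
SAMPLE_LOG = [
    LogRecord("qe0",  WHY_PASSED_LOGGED, "tcp 10.0.0.5:1234 -> 10.0.1.7:80"),
    LogRecord("QE1",  2,                 "udp 10.0.2.9:53 -> 10.0.0.5:40000"),
    LogRecord("le0",  WHY_PASSED_LOGGED, "tcp 192.0.2.10:4444 -> 10.0.0.5:22"),
    LogRecord("elx0", 3,                 "icmp 198.51.100.3 -> 10.0.0.5"),
    LogRecord("qe0",  3,                 "tcp 10.0.0.5:1235 -> 10.0.1.7:443"),
]


def summaries(records: Iterable[LogRecord]) -> List[str]:
    """Convenience: the summary strings of a filtered result, in log order."""
    return [r.summary for r in records]


if __name__ == "__main__":
    # Equivalent of "logiface qe": any qe device, regardless of case.
    for line in summaries(filter_log(SAMPLE_LOG, iface="qe")):
        print("logiface qe   ", line)
    # Equivalent of "logwhy 1": packets that were passed and logged.
    for line in summaries(filter_log(SAMPLE_LOG, why=WHY_PASSED_LOGGED)):
        print("logwhy 1      ", line)
```

The prefix comparison is the point worth checking when building a filter: a prefix such as le must not match an interface like elx0 just because the letters occur somewhere in the name, and the case-insensitive comparison means QE1 and qe0 are both selected by logiface qe.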