How to View Oracle Solaris IP Filter Log Files

Before You Begin

You should create a separate log file to record Oracle Solaris IP Filter data. Refer to How to Set Up a Log File for Oracle Solaris IP Filter.

1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

   You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. View the state, NAT, or normal log files. To view a log file, type the following command, using the appropriate option:

   # ipmon -o [S|N|I] filename

   S

   Displays the state log file.

   N

   Displays the NAT log file.

   I

   Displays the normal IP log file.

   To view all state, NAT, and normal log files, use all the options:

   # ipmon -o SNI filename

   • Provided that you have manually stopped the ipmon daemon first, you can also use the following command to display state, NAT, and Oracle Solaris IP filter log files:

     # ipmon -a filename

     ---

     Note –

     Do not use the ipmon -a syntax if the ipmon daemon is still running. Normally, the daemon is automatically started during system boot. Issuing the ipmon -a command also opens another copy of ipmon. In such a case, both copies read the same log information, and only one gets a particular log message.

     ---

   For more information about viewing log files, see the ipmon(1M) man page.

Example 26–22 Viewing Oracle Solaris IP Filter Log Files

The following example shows the output from /var/ipmon.log.

# ipmon -o SNI /var/ipmon.log
02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 
129.146.157.145 PR icmp len 20 84 icmp echo/0 IN

or

# pkill ipmon
# ipmon -aD /var/ipmon.log
02/09/2004 15:27:20.606626 hme0 @0:1 p 129.146.157.149 -> 
129.146.157.145 PR icmp len 20 84 icmp echo/0 IN