Go to main content

Securing the Network in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

How to View IP Filter Log Files

Before You Begin

You have completed How to Set Up a Log File for IP Filter.

You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  • View the state, NAT, or normal log files.

    To view a log file, type the following command, using the appropriate option:

    # ipmon -o [S|N|I] filename
    S

    Displays the state log file.

    N

    Displays the NAT log file.

    I

    Displays the normal IP log file.

    • To view all state, NAT, and normal log files, use all the options:
      # ipmon -o SNI filename
    • After you stop the ipmon daemon, you can use the ipmon command to display state, NAT, and IP filter log files:
      # pkill ipmon
      # ipmon -a filename

      Note -  Do not use the ipmon -a syntax if the ipmon daemon is still running. Normally, the daemon is automatically started during system boot. By issuing the ipmon -a command, you open another copy of ipmon. Then, both copies read the same log information, but only one gets a particular log message.

    For more information about viewing log files, see the ipmon(1M) man page.

Example 25  Viewing IP Filter Log Files

The following example shows the output from /var/ipmon.log.

# ipmon -o SNI /var/ipmon.log
02/09/2012 15:27:20.606626 net0 @0:1 p 192.0.2.7 -> 
192.0.2.8 PR icmp len 20 84 icmp echo/0 IN

or

# pkill ipmon
# ipmon -aD /var/ipmon.log
02/09/2012 15:27:20.606626 net0 @0:1 p 192.0.2.7 -> 
192.0.2.8 PR icmp len 20 84 icmp echo/0 IN