Netgate Discussion Forum

    Pfctl -s states like tail -f

      tonysud

      hi
      is there a way I can simulate the tail -f with pfctl so that I can see live what's happening?

      I don't like pftop, I'd like to be able to see lines as text  (not ncurses) so I can redirect text to file.log and grep after one day

      please help me
      thanks

        dotdash

        Why can't you just pipe it?
        pfctl -s states | tail

        edit- fix typos

          tonysud

          If I run this command, I see the states, and then it goes back to the shell prompt again

          I'd like to have it running so that if a new state is made, I see a new line on the screen

            stephenw10 Netgate Administrator

            You might try using:

            pftop -ro age
            

            Or other sorting options may suit you better.

            Steve

              tonysud

              no, I don't want to use pftop

              I want something text only, so that new lines are added one after others

              something like tail -f /var/log/messages
              (it's a text only system)
              I would need something like this

                stephenw10 Netgate Administrator

                pfTop is text only:

                pfTop: Up State 1-52/612, View: default, Order: age (rev), Cache: 10000                                                17:01:32
                
                PR        DIR SRC                       DEST                               STATE                AGE       EXP     PKTS    BYTES
                tcp       In  172.27.10.238:54238       172.21.16.1:10050            SYN_SENT:ESTABLISHED  00:00:00  00:15:00        2      120
                tcp       In  172.27.10.238:54248       172.21.16.1:10050            SYN_SENT:ESTABLISHED  00:00:00  00:15:00        2      120
                ipv6-icmp Out fe80::1:1[0]              fe80::208:a2ff:fe09:3709[  NO_TRAFFIC:NO_TRAFFIC   00:00:00  00:00:20        1       72
                ipv6-icmp In  fe80::208:a2ff:fe09:3709[ fe80::1:1[49152]           NO_TRAFFIC:NO_TRAFFIC   00:00:00  00:00:20        1       64
                tcp       In  172.27.10.238:54130       172.21.16.1:10050          FIN_WAIT_2:FIN_WAIT_2   00:00:01  00:02:59       10      574
                tcp       In  172.27.10.238:54014       172.21.16.1:10050          FIN_WAIT_2:FIN_WAIT_2   00:00:02  00:02:59       10      605
                tcp       In  172.27.10.238:54020       172.21.16.1:10050          FIN_WAIT_2:FIN_WAIT_2   00:00:02  00:02:58       11      622
                tcp       In  172.27.10.238:54026       172.21.16.1:10050          FIN_WAIT_2:FIN_WAIT_2   00:00:02  00:02:59       10      608
                tcp       In  172.27.10.238:53904       172.21.16.1:10050          FIN_WAIT_2:FIN_WAIT_2   00:00:03  00:02:57       10      581
                

                You mean you need a file of single text lines with no header?

                What are you wanting to do with this?

                Steve

                  johnpoz LAYER 8 Global Moderator

                  "so I can redirect text to file.log and grep after one day"

                  Seems like he wants to log every state as created..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                    stephenw10 Netgate Administrator

                    Ha, it would help if I managed to read the first post in its entirety I guess.  ::)

                    Ok….

                      tonysud

                      @johnpoz:

                      Seems like he wants to log every state as created..

                      YES, It's exactly what I want to do

                        johnpoz LAYER 8 Global Moderator

                        wouldn't it just be easier to log your allowed traffic and send that to syslog?

                          tonysud

                          for me it's easier to read

                            jimp Rebel Alliance Developer Netgate

                            There is no way to do what you're after as-is.

                            You could maybe rig something up with just the right tcpdump parameters against the pflog interface or maybe use pfsync in some way, but we don't have anything in place that would log state activity in a way that would give you what you're after.

                              kpa

                              You could possibly look at how the pflogd daemon is implemented and roll your own version that does the same for the state tables.

                              https://svnweb.freebsd.org/base/releng/11.1/contrib/pf/pflogd/

                                stephenw10 Netgate Administrator

                                Mmm, that may be possible. Seems quite extreme though.  ;)

                                I would think that adding logging and an appropriate description on the pass rules you want to know about would allow you to filter exported logs. Simply exporting them to a log analyser may be good enough for what you want to see.

                                Steve

                                  tonysud

                                  Simply exporting them to a log analyser may be good enough for what you want to see.

                                  is there a free log analyser for pfsense log?

                                    stephenw10 Netgate Administrator

                                    Graylog seems pretty popular though I've not used it myself.

                                    There are a number of detailed write-ups out there for different solutions, I guess it depends how deep you want to go.

                                    Steve

                                      tonysud

                                      no updates?
                                      in Linux there is conntrack -E command which does what I need
                                      no alternative for pfsense?
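
A polling approximation of what the thread asks for, as an added example that is not part of any post above and not Netgate code: it snapshots `pfctl -s states` at an interval and prints only entries that were absent from the previous snapshot. It assumes `sed`, `awk`, `sort` and `mktemp` exist on the firewall and that the last whitespace-separated field of each line is the state pair; the function names and the sample lines in `demo` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): tail -f style output for the pf state table.

# state_keys: read `pfctl -s states` lines on stdin and drop the last field
# (the state pair, e.g. ESTABLISHED:ESTABLISHED) so that a connection moving
# through TCP states is not reported as new on every poll.
state_keys() {
    sed -e 's/[[:space:]]*$//' -e 's/[[:space:]]*[^[:space:]]*$//' | sort -u
}

# new_states PREV CUR: print keys present in file CUR but not in file PREV.
# FILENAME is compared instead of the usual NR==FNR test, which misfires
# when PREV is empty (first poll on an idle firewall).
new_states() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next } !($0 in seen)' "$1" "$2"
}

# follow_states [INTERVAL]: poll forever, one timestamped line per new state.
follow_states() {
    interval="${1:-1}"
    dir=$(mktemp -d) || return 1
    trap 'rm -rf "$dir"' EXIT
    trap 'exit 0' INT TERM
    pfctl -s states | state_keys > "$dir/prev"
    while sleep "$interval"; do
        pfctl -s states | state_keys > "$dir/cur"
        new_states "$dir/prev" "$dir/cur" | while IFS= read -r key; do
            printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$key"
        done
        mv "$dir/cur" "$dir/prev"
    done
}

# demo: two constructed snapshots; only the 54248 connection is new.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'all tcp 172.21.16.1:10050 <- 172.27.10.238:54238       SYN_SENT:ESTABLISHED' \
        | state_keys > "$d/prev"
    printf '%s\n' \
        'all tcp 172.21.16.1:10050 <- 172.27.10.238:54238       FIN_WAIT_2:FIN_WAIT_2' \
        'all tcp 172.21.16.1:10050 <- 172.27.10.238:54248       SYN_SENT:ESTABLISHED' \
        | state_keys > "$d/cur"
    new_states "$d/prev" "$d/cur"
    rm -rf "$d"
}
```

Sourcing the file and running `follow_states 1 >> file.log` gives plain appendable lines that can be grepped later. A state that is created and expires between two polls never appears in any snapshot, so this is a sample of state activity, not a complete record.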
