Diffstat (limited to 'usr/src/man/man1m/ipmon.1m')
| -rw-r--r-- | usr/src/man/man1m/ipmon.1m | 416 |
1 files changed, 0 insertions, 416 deletions
diff --git a/usr/src/man/man1m/ipmon.1m b/usr/src/man/man1m/ipmon.1m deleted file mode 100644 index 8873fe41c1..0000000000 --- a/usr/src/man/man1m/ipmon.1m +++ /dev/null 
@@ -1,416 +0,0 @@ -'\" te -.\" To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed -.\" location. -.\" Portions Copyright (c) 2008, Sun Microsystems Inc. All Rights Reserved. -.\" Portions Copyright (c) 2013, Joyent, Inc. All Rights Reserved. -.TH IPMON 1M "Oct 30, 2013" -.SH NAME -ipmon \- monitors /dev/ipl for logged packets -.SH SYNOPSIS -.LP -.nf -\fBipmon\fR [\fB-abDFhnpstvxX\fR] [\fB-N\fR \fIdevice\fR] [ [o] [NSI]] [\fB-O\fR [NSI]] - [\fB-P\fR \fIpidfile\fR] [\fB-S\fR \fIdevice\fR] [\fB-f\fR \fIdevice\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fIfilename\fR] -.fi - -.SH DESCRIPTION -.LP -The \fBipmon\fR command is part of a suite of commands associated with the -Solaris IP Filter feature. See \fBipfilter\fR(5). -.sp -.LP -The \fBipmon\fR command opens \fB/dev/ipl\fR for reading and awaits data to be -saved from the packet filter. The binary data read from the device is reprinted -in human readable form. However, IP addresses are not mapped back to hostnames, -nor are ports mapped back to service names. The output goes to standard output, -by default, or a filename, if specified on the command line. Should the -\fB-s\fR option be used, output is sent instead to \fBsyslogd\fR(1M). Messages -sent by means of \fBsyslog\fR have the day, month, and year removed from the -message, but the time (including microseconds), as recorded in the log, is -still included. -.sp -.LP -Messages generated by \fBipmon\fR consist of whitespace-separated fields. -Fields common to all messages are: -.RS +4 -.TP -.ie t \(bu -.el o -The date of packet receipt. This is suppressed when the message is sent to -\fBsyslog\fR. -.RE -.RS +4 -.TP -.ie t \(bu -.el o -The time of packet receipt. 
This is in the form -\fIHH\fR:\fIMM\fR:\fISS\fR.\fIF\fR, for hours, minutes, seconds, and fractions -of a second (which can be several digits long). -.RE -.RS +4 -.TP -.ie t \(bu -.el o -The name of the interface on which the packet was processed, for example, -\fBib1\fR. -.RE -.RS +4 -.TP -.ie t \(bu -.el o -The group and rule number of the rule, for example, \fB@0:17\fR. These can be -viewed with \fBipfstat\fR \fB-in\fR for input rules or \fBipfstat\fR \fB-in\fR -for output rules. See \fBipfstat\fR(1M). -.RE -.RS +4 -.TP -.ie t \(bu -.el o -The action: \fBp\fR for passed, \fBb\fR for blocked, \fBs\fR for a short -packet, \fBn\fR did not match any rules, or \fBL\fR for a log rule. -.RE -.RS +4 -.TP -.ie t \(bu -.el o -The addresses. This is actually three fields: the source address and port -(separated by a comma), the symbol \(->, and the destination address and port. -For example: \fB209.53.17.22,80 \(-> 198.73.220.17,1722\fR. -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fBPR\fR followed by the protocol name or number, for example, \fBPR tcp\fR. -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fBlen\fR followed by the header length and total length of the packet, for -example, \fBlen 20 40\fR. -.RE -.sp -.LP -If the packet is a TCP packet, there will be an additional field starting with -a hyphen followed by letters corresponding to any flags that were set. See -\fBipf.conf\fR(4) for a list of letters and their flags. -.sp -.LP -If the packet is an ICMP packet, there will be two fields at the end, the first -always being \fBicmp\fR, the next being the ICMP message and submessage type, -separated by a slash. For example, \fBicmp 3/3\fR for a port unreachable -message. -.SH OPTIONS -.LP -The following options are supported: -.sp -.ne 2 -.na -\fB\fB-a\fR\fR -.ad -.sp .6 -.RS 4n -Open all of the device logfiles for reading log entries. All entries are -displayed to the same output device (stderr or syslog). 
-.RE - -.sp -.ne 2 -.na -\fB\fB-b\fR\fR -.ad -.sp .6 -.RS 4n -For rules which log the body of a packet, generate hex output representing the -packet contents after the headers. -.RE - -.sp -.ne 2 -.na -\fB\fB-D\fR\fR -.ad -.sp .6 -.RS 4n -Cause \fBipmon\fR to turn itself into a daemon. Using subshells or -backgrounding of \fBipmon\fR is not required to turn it into an orphan so it -can run indefinitely. -.RE - -.sp -.ne 2 -.na -\fB\fB-f\fR \fIdevice\fR\fR -.ad -.sp .6 -.RS 4n -Specify an alternative device/file from which to read the log information for -normal IP Filter log records. -.RE - -.sp -.ne 2 -.na -\fB\fB-F\fR\fR -.ad -.sp .6 -.RS 4n -Flush the current packet log buffer. The number of bytes flushed is displayed, -even if the result is zero. -.RE - -.sp -.ne 2 -.na -\fB\fB-h\fR\fR -.ad -.sp .6 -.RS 4n -Displays usage information. -.RE - -.sp -.ne 2 -.na -\fB\fB-n\fR\fR -.ad -.sp .6 -.RS 4n -IP addresses and port numbers will be mapped, where possible, back into -hostnames and service names. -.RE - -.sp -.ne 2 -.na -\fB\fB-N\fR \fIdevice\fR\fR -.ad -.sp .6 -.RS 4n -Set the logfile to be opened for reading NAT log records from or to -\fIdevice\fR. -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIletter\fR\fR -.ad -.sp .6 -.RS 4n -Specify which log files from which to actually read data. \fBN\fR, NAT logfile; -\fBS\fR, state logfile; \fBI\fR, normal IP Filter logfile. The \fB-a\fR option -is equivalent to using \fB-o\fR \fBNSI\fR. -.RE - -.sp -.ne 2 -.na -\fB\fB-O\fR \fIletter\fR\fR -.ad -.sp .6 -.RS 4n -Specify which log files you do not wish to read from. This is most commonly -used in conjunction with the \fB-a\fR. Letters available as parameters are the -same as for \fB-o\fR. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n -Cause the port number in log messages always to be printed as a number and -never attempt to look it up. -.RE - -.sp -.ne 2 -.na -\fB\fB-P\fR \fIpidfile\fR\fR -.ad -.sp .6 -.RS 4n -Write the PD of the \fBipmon\fR process to a file. 
By default this is -\fB/var/run/ipmon.pid\fR. -.RE - -.sp -.ne 2 -.na -\fB\fB-s\fR\fR -.ad -.sp .6 -.RS 4n -Packet information read in will be sent through \fBsyslogd\fR rather than saved -to a file. The default facility when compiled and installed is \fBlocal0\fR. -The following levels are used: -.sp -.ne 2 -.na -\fB\fBLOG_INFO\fR\fR -.ad -.sp .6 -.RS 4n -Packets logged using the \fBlog\fR keyword as the action rather than \fBpass\fR -or \fBblock\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBLOG_NOTICE\fR\fR -.ad -.sp .6 -.RS 4n -Packets logged that are also passed. -.RE - -.sp -.ne 2 -.na -\fB\fBLOG_WARNING\fR\fR -.ad -.sp .6 -.RS 4n -Packets logged that are also blocked. -.RE - -.sp -.ne 2 -.na -\fB\fBLOG_ERR\fR\fR -.ad -.sp .6 -.RS 4n -Packets that have been logged and that can be considered "short". -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fB-S\fR \fIdevice\fR\fR -.ad -.sp .6 -.RS 4n -Set the logfile to be opened for reading state log records from or to -\fIdevice\fR. -.RE - -.sp -.ne 2 -.na -\fB\fB-t\fR\fR -.ad -.sp .6 -.RS 4n -Read the input file/device in the way performed by \fBtail\fR(1). -.RE - -.sp -.ne 2 -.na -\fB\fB-v\fR\fR -.ad -.sp .6 -.RS 4n -Show TCP \fBwindow\fR, \fBack\fR, and \fBsequence\fR fields -.RE - -.sp -.ne 2 -.na -\fB\fB-x\fR\fR -.ad -.sp .6 -.RS 4n -Show the packet data in hex. -.RE - -.sp -.ne 2 -.na -\fB\fB-X\fR\fR -.ad -.sp .6 -.RS 4n -Show the log header record data in hex. -.RE - -.sp -.ne 2 -.na -\fB\fB-z\fR \fIzonename\fR\fR -.ad -.sp .6 -.RS 4n -Monitor packets the specified zone's in-zone filter. If neither this option -nor \fB-G\fR is specified, the current zone is used. This command is only -available in the Global Zone. See \fBZONES\fR in \fBipf\fR(1m) for more -information. -.RE - -.sp -.ne 2 -.na -\fB\fB-G\fR \fIzonename\fR\fR -.ad -.sp .6 -.RS 4n -Monitor packets for the specified zone's global zone controlled filter. If -neither this option nor \fB-z\fR is specified, the current zone is used. 
This -command is only available in the Global Zone. See \fBZONES\fR in \fBipf\fR(1m) -for more information. -.RE - -.SH FILES -.RS +4 -.TP -.ie t \(bu -.el o -\fB/dev/ipl\fR -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fB/dev/ipnat\fR -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fB/dev/ipstate\fR -.RE -.SH ATTRIBUTES -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -Interface Stability Committed -.TE - -.SH SEE ALSO -.LP -\fBipf\fR(1M), \fBipfstat\fR(1M), \fBipnat\fR(1M), \fBattributes\fR(5), -\fBipfilter\fR(5), \fBzones(5)\fR -.sp -.LP -\fI\fR -.SH DIAGNOSTICS -.LP -\fBipmon\fR expects data that it reads to be consistent with how it should be -saved and aborts if it fails an assertion which detects an anomaly in the -recorded data. |
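Review bot: If this page is being moved to another section rather than dropped, the deleted text has errors in DESCRIPTION, SYNOPSIS and OPTIONS that should be fixed in the new copy, not carried over. In DESCRIPTION, the rule-number item gives "ipfstat -in" for both input and output rules, so the command for viewing output rules is never actually stated. In SYNOPSIS, "[ [o] [NSI]]" has lost the flag markup for the option that OPTIONS documents as "-o letter". In OPTIONS, -P says "Write the PD of the ipmon process" (PID), -z reads "Monitor packets the specified zone's in-zone filter" (missing "for"), and -a names stderr as the output device while DESCRIPTION says output goes to standard output. The diffstat shown is limited to this one path, so please also confirm that pages referring to ipmon(1M) are updated in the same change.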
