watching the log in real time

Stephan F. Yaraghchi stephan at yaraghchi.org
Mon Mar 17 14:17:22 UTC 2008


Hi,

I have a question concerning the logging of pf on FreeBSD 7.0-RELEASE.

When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time
I'm getting pretty brief output like:

2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]


When I look back into the history of the log with
'tcpdump -netttt -r /var/log/pflog' the output is much more verbose:

2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)


What do I have to do to see that much info while watching the log in real time?

-- 
Mit freundlichen Grüßen / with kind regards


+++ stephan f. yaraghchi

+++ mail: stephan at yaraghchi dot org

www.deine-stimme-gegen-armut.de
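An added example, not part of the post above nor FreeBSD's own code: it decodes a constructed DLT_PFLOG record the way tcpdump does after the capture has been cut at a given snaplen, so the `[|ip]` marker appears exactly when fewer than 20 bytes of the IP header survived behind the pflog header. The `build_record`/`decode` helpers, the 64-byte FreeBSD 7 `struct pfloghdr` layout, tcpdump's old 68-byte default snaplen and pflogd's 116-byte default are all assumptions of this example.

```python
import struct
from ipaddress import IPv4Address

# Fixed header of a DLT_PFLOG record as written by FreeBSD 7 pf (assumed
# struct pfloghdr, host byte order): length, af, action, reason, ifname[16],
# ruleset[16], rulenr, subrulenr, uid, pid, rule_uid, rule_pid, dir, pad[3].
# The record header is padded to 64 bytes; the "length" field carries 61.
PFLOG_FMT = "<BBBB16s16sIIIIIIB3x"
PFLOG_HDRLEN = struct.calcsize(PFLOG_FMT)        # 64
PF_DROP, PF_IN, AF_INET = 1, 1, 2
IPV4_HDRLEN, UDP_HDRLEN = 20, 8
# Assumed snaplen defaults of that era: tcpdump kept 68 bytes per packet
# on a live interface, pflogd wrote 116 bytes per packet to /var/log/pflog.
TCPDUMP_DFLT_SNAPLEN = 68
PFLOGD_DFLT_SNAPLEN = 116

def build_record(src, dst, sport, dport, payload):
    """Constructed sample: pflog header + IPv4/UDP datagram, as pf would log it."""
    hdr = struct.pack(PFLOG_FMT, 61, AF_INET, PF_DROP, 0, b"fxp1", b"",
                      0, 0, 0, 0, 0, 0, PF_IN)
    total = IPV4_HDRLEN + UDP_HDRLEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    udp = struct.pack("!HHHH", sport, dport, UDP_HDRLEN + len(payload), 0)
    return hdr + ip + udp + payload

def decode(record, snaplen):
    """Mimic what tcpdump can print from the first `snaplen` bytes of a record."""
    cap = record[:snaplen]                         # what the capture actually kept
    if len(cap) < PFLOG_HDRLEN:
        return "[|pflog]"
    f = struct.unpack(PFLOG_FMT, cap[:PFLOG_HDRLEN])
    ifname = f[4].rstrip(b"\0").decode()
    action = "block" if f[2] == PF_DROP else "pass"
    direction = "in" if f[12] == PF_IN else "out"
    prefix = f"rule {f[6]}/{f[7]}(match): {action} {direction} on {ifname}: "
    ip = cap[PFLOG_HDRLEN:]                        # bytes left for the IP packet
    if len(ip) < IPV4_HDRLEN:                      # IP header cut off: tcpdump's "[|ip]"
        return prefix + "[|ip]"
    ihl = (ip[0] & 0x0F) * 4
    src, dst = IPv4Address(ip[12:16]), IPv4Address(ip[16:20])
    if ip[9] != 17:                                # only UDP is decoded further here
        return prefix + f"{src} > {dst}"
    l4 = ip[ihl:]
    if len(l4) < UDP_HDRLEN:                       # UDP header cut off
        return prefix + f"{src} > {dst}: [|udp]"
    sport, dport = struct.unpack("!HH", l4[:4])
    return prefix + f"{src}.{sport} > {dst}.{dport}: UDP"

if __name__ == "__main__":
    rec = build_record("192.168.204.4", "192.168.204.255", 138, 138, b"\x11" * 100)
    print(decode(rec, TCPDUMP_DFLT_SNAPLEN))       # ... block in on fxp1: [|ip]
    print(decode(rec, PFLOGD_DFLT_SNAPLEN))        # ... 192.168.204.4.138 > 192.168.204.255.138: UDP
```

With 68 bytes kept, only 4 bytes of the packet follow the 64-byte pflog header, which is why the live capture shows `[|ip]` while the file written with a larger snaplen decodes fully; the same record decodes once more bytes are kept per packet, as `tcpdump -s 0 -i pflog0` does.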


More information about the freebsd-pf mailing list