watching the log in real time

CZUCZY Gergely gergely.czuczy at harmless.hu
Mon Mar 17 14:35:45 UTC 2008


On Mon, 17 Mar 2008 14:50:18 +0100
"Stephan F. Yaraghchi" <stephan at yaraghchi.org> wrote:

> Hi,
Hello,

> 
> I have a question concerning the logging of pf on FreeBSD 7.0-RELEASE.
> 
> When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time
> I'm getting pretty brief output like:
> 
> 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
> 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
> 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
> 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
> 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
> 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
> 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
> 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]
[| means that it wasn't able to decode the packet any further, because the
snaplength is too small. Adjust it with -s, and check man tcpdump


> 
> 
> When I look back into the history of the log with 'tcpdump -netttt -r
> /var/log/pflog' the output is much more verbose:
> 
> 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1:
> 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1:
> 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1:
> 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1:
> 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1:
> 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1:
> 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1:
> 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1:
> 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> 
> 
> What do I have to do to see that much info while watching the log in real
> time?
> 


-- 
Regards,

Czuczy Gergely
Harmless Digital Bt
mailto: gergely.czuczy at harmless.hu
Tel: +36-30-9702963
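The snaplen problem Gergely points at, as an added example that is not part of the thread: a small Python checker that walks a pcap of pflog frames and reports which ones were captured too short for tcpdump to reach the IPv4 and UDP headers (the `[|ip]` case), plus the largest original frame size as a hint for `-s`. The 64-byte pflog header size and the sample NBT-sized datagram are constructed assumptions; real captures carry the header length in the first byte of the pflog header.

```python
import struct

DLT_PFLOG = 117          # pcap link type for pf's pflog interface
PCAP_MAGIC = 0xA1B2C3D4  # classic little-endian pcap
IPV4_MIN, UDP_HDR = 20, 8

def make_pflog_pcap(payloads, snaplen, hdr_len=64):
    """Constructed test data: wrap each payload in a pflog header (first byte =
    its length, rest zeroed) and truncate to snaplen like a capture tool would.
    hdr_len=64 is an assumed size; real captures carry it in the first byte."""
    out = struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, snaplen, DLT_PFLOG)
    for p in payloads:
        frame = bytes([hdr_len]) + bytes(hdr_len - 1) + p
        cap = frame[:snaplen]
        out += struct.pack('<IIII', 0, 0, len(cap), len(frame)) + cap
    return out

def audit_pflog_pcap(data):
    """Return (snaplen, frames, largest_origlen). Each frame is a dict with
    caplen, origlen and headers_ok: True when the pflog, IPv4 and UDP headers
    were all captured, i.e. tcpdump can at least print addresses and ports."""
    magic, = struct.unpack_from('<I', data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError('only little-endian classic pcap is handled here')
    snaplen, linktype = struct.unpack_from('<II', data, 16)
    if linktype != DLT_PFLOG:
        raise ValueError('not a pflog capture (linktype %d)' % linktype)
    frames, off, largest = [], 24, 0
    while off + 16 <= len(data):
        _, _, caplen, origlen = struct.unpack_from('<IIII', data, off)
        off += 16
        frame = data[off:off + caplen]
        off += caplen
        hdr_len = frame[0] if frame else 0   # pfloghdr.length
        need = hdr_len + IPV4_MIN + UDP_HDR  # bytes needed to reach L4 ports
        frames.append({'caplen': caplen, 'origlen': origlen,
                       'headers_ok': caplen >= min(need, origlen)})
        largest = max(largest, origlen)
    return snaplen, frames, largest

if __name__ == '__main__':
    # constructed 228-byte UDP datagram standing in for an NBT broadcast
    nbt = bytes(IPV4_MIN + UDP_HDR) + b'\x11' * 200
    for snap in (68, 116, 65535):
        snaplen, frames, largest = audit_pflog_pcap(make_pflog_pcap([nbt], snap))
        print('snaplen %5d: %s, use -s %d for full frames' % (snap, frames[0], largest))
```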