watching the log in real time

Stephan F. Yaraghchi stephan at yaraghchi.org
Mon Mar 17 15:05:52 UTC 2008


Cheers mate!

You solved my problem...

On Mon, Mar 17, 2008 at 3:22 PM, CZUCZY Gergely
<gergely.czuczy at harmless.hu> wrote:
> On Mon, 17 Mar 2008 14:50:18 +0100
>  "Stephan F. Yaraghchi" <stephan at yaraghchi.org> wrote:
>
>  > Hi,
>  Hello,
>
>
>  >
>  > I have a question concerning the logging of pf on FreeBSD 7.0-RELEASE.
>  >
>  > When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time
>  > I'm getting pretty brief output like:
>  >
>  > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]
>  [| means that it wasn't able to decode the packet any further, because the
>  snaplength is too small. Adjust it with -s, and check man tcpdump
>
>
>
>
>  >
>  >
>  > When I look back into the history of the log with 'tcpdump -netttt -r
>  > /var/log/pflog' the output is much more verbose:
>  >
>  > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1:
>  > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1:
>  > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1:
>  > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1:
>  > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1:
>  > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1:
>  > 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1:
>  > 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1:
>  > 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
>  >
>  >
>  > What do I have to do to see that much info while watching the log in real
>  > time?
>  >
>
>
>  --
>  With regards,
>
>  Czuczy Gergely
>  Harmless Digital Bt
>  mailto: gergely.czuczy at harmless.hu
>  Tel: +36-30-9702963
>



-- 
Mit freundlichen Grüßen / with kind regards


+++ stephan f. yaraghchi

+++ lychener str. 61a
+++ 10437 berlin, germany
+++
+++ mail stephan at yaraghchi.org
+++ phone +49 30 44650068
+++ cell +49 172 3111534

www.deine-stimme-gegen-armut.de
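The following checker is an added example; it is not part of this thread and not code from FreeBSD, pf or tcpdump. It parses the two kinds of pflog output shown above, flags every packet whose decode stopped with a "[|proto]" marker, and reports how many lines were truncated, so an operator can tell at a glance whether a live capture is running with a snaplen that is too small. The background it rests on is general tcpdump/pf behaviour: tcpdump 3.x releases (the generation shipped with FreeBSD 7.0) captured only 68 bytes per packet by default, the pflog pseudo-header in front of every logged packet eats most of that budget, so decoding fails inside the IP header and tcpdump prints "[|ip]"; pflogd writes /var/log/pflog with its own larger default snaplen (116 bytes), which is why reading the file back shows full IP/UDP headers. Passing `-s 0` (or an explicit length such as `-s 1500`) to the live `tcpdump -i pflog0` gives the same result. The function names, the record type and the sample lines (constructed from the output quoted in the thread, with the mail-client wrapping preserved in one case to show continuation handling) are all this example's own assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Every packet read from pflog0 or /var/log/pflog is printed by tcpdump with a
# "rule N/M(reason): action dir on ifname:" prefix; the payload after it is the
# normal protocol decode, or "[|proto]" when the capture ended mid-header.
PFLOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>[^)]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+):\s*(?P<payload>.*)$"
)
# "[|ip]", "[|udp]", ... : tcpdump ran out of captured bytes inside that header.
TRUNCATED = re.compile(r"\[\|(?P<proto>[A-Za-z0-9]+)\]")


class PflogRecord(NamedTuple):
    timestamp: str
    rule: int
    reason: str
    action: str
    direction: str
    ifname: str
    payload: str
    truncated_at: Optional[str]  # protocol from "[|proto]", or None if fully decoded


def parse_line(line: str) -> Optional[PflogRecord]:
    """Parse one tcpdump line carrying a pflog prefix; None for anything else."""
    m = PFLOG_LINE.match(line.strip())
    if not m:
        return None
    t = TRUNCATED.search(m["payload"])
    return PflogRecord(m["ts"], int(m["rule"]), m["reason"], m["action"],
                       m["dir"], m["ifname"], m["payload"], t["proto"] if t else None)


def parse_output(text: str) -> List[PflogRecord]:
    """Parse a whole capture; lines without a timestamp (e.g. wrapped by a mail
    client or a narrow terminal) are appended to the preceding packet."""
    records: List[PflogRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
        elif records:
            prev = records[-1]
            payload = (prev.payload + " " + line).strip()
            t = TRUNCATED.search(payload)
            records[-1] = prev._replace(payload=payload,
                                        truncated_at=t["proto"] if t else None)
    return records


def snaplen_report(records: List[PflogRecord]) -> dict:
    """Count packets whose decode was cut short; any non-zero count means the
    capture's snaplen is smaller than pflog header + the headers you want."""
    truncated = [r for r in records if r.truncated_at]
    return {
        "packets": len(records),
        "truncated": len(truncated),
        "truncated_at": sorted({r.truncated_at for r in truncated}),
    }


def live_capture_cmd(ifname: str = "pflog0", snaplen: int = 0) -> List[str]:
    """The corrected live command: -s 0 asks tcpdump for the whole packet."""
    return ["tcpdump", "-n", "-e", "-tttt", "-s", str(snaplen), "-i", ifname]


# Constructed samples modelled on the thread's output (not captured here).
LIVE_SAMPLE = """\
2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
"""
LOGFILE_SAMPLE = """\
2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1:
192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
"""

if __name__ == "__main__":
    for name, sample in (("live pflog0", LIVE_SAMPLE), ("/var/log/pflog", LOGFILE_SAMPLE)):
        rep = snaplen_report(parse_output(sample))
        print(f"{name}: {rep}")
        if rep["truncated"]:
            print("  snaplen too small; try:", " ".join(live_capture_cmd()))
```

Feed it the output of the live capture (`tcpdump -netttt -i pflog0 | python3 pflog_check.py`, adapting the `__main__` block to read stdin) and the report shows whether every line is being cut at the IP header; once `-s 0` is in place the truncated count drops to zero and the live view matches what `tcpdump -r /var/log/pflog` prints.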


More information about the freebsd-pf mailing list