watching the log in real time

Stephan F. Yaraghchi stephan at yaraghchi.org
Mon Mar 17 15:07:28 UTC 2008


Thank you, too!

On Mon, Mar 17, 2008 at 3:50 PM, Jeremy Chadwick <koitsu at freebsd.org> wrote:
> On Mon, Mar 17, 2008 at 02:50:18PM +0100, Stephan F. Yaraghchi wrote:
>  > When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time
>  > I'm getting pretty brief output like:
>  >
>  > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
>  > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]
>
>  Choose a larger snaplen size for tcpdump to use, e.g. tcpdump -s 1024.
>  Don't pick something absurdly large.
>
>  There is a discussion as to whether or not tcpdump on FreeBSD should
>  default to using a larger snaplen size (128 would be good).
>
>  --
>  | Jeremy Chadwick                                    jdc at parodius.com |
>  | Parodius Networking                           http://www.parodius.com/ |
>  | UNIX Systems Administrator                      Mountain View, CA, USA |
>  | Making life hard for others since 1977.                  PGP: 4BD6C0CB |
>
>  _______________________________________________
>  freebsd-pf at freebsd.org mailing list
>  http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>  To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>



-- 
Mit freundlichen Grüßen / with kind regards


+++ stephan f. yaraghchi

+++ lychener str. 61a
+++ 10437 berlin, germany
+++
+++ mail stephan at yaraghchi.org
+++ phone +49 30 44650068
+++ cell +49 172 3111534

www.deine-stimme-gegen-armut.de


More information about the freebsd-pf mailing list