pflog's format

Giorgos Keramidas keramida at ceid.upatras.gr
Fri Feb 25 15:51:17 GMT 2005


On 2005-02-25 16:28, kilim <kilim at phenix.rootshell.be> wrote:
> when reading pf's log the messages usually have the following format:
>
> 189977 rule 0/0(match): block out on ste0: IP (tos 0x0, ttl 63, id
> 38539, offset 0, flags [DF], length: 40)
>
> Instead of "xxxxxx number rule" how can I get date and time
> displayed/logged ?

Try using tcpdump with the proper options on `/var/log/pflog':

# Wrapped under 80 columns output...

orion:/root# tcpdump -tttt -n -v -r /var/log/pflog | head -5
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
2005-01-10 16:32:54.010282 IP (tos 0x0, ttl   1, id 17146, offset 0, flags
  [none], length: 40, optlength: 4 ( RA )) 10.6.0.201 > 224.0.0.22: igmp v3
  report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2005-01-10 16:32:54.687811 IP (tos 0x0, ttl   1, id 17156, offset 0, flags
  [none], length: 40, optlength: 4 ( RA )) 10.6.0.201 > 224.0.0.22: igmp v3
  report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2005-01-10 16:33:24.011554 IP (tos 0x0, ttl   1, id 17218, offset 0, flags
  [none], length: 40, optlength: 4 ( RA )) 10.6.0.201 > 224.0.0.22: igmp v3
  report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2005-01-10 16:33:24.723533 IP (tos 0x0, ttl   1, id 17219, offset 0, flags
  [none], length: 40, optlength: 4 ( RA )) 10.6.0.201 > 224.0.0.22: igmp v3
  report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2005-01-19 11:05:24.429801 IP (tos 0x0, ttl   1, id 22604, offset 0, flags
  [none], length: 40, optlength: 4 ( RA )) 10.6.0.202 > 224.0.0.22: igmp v3
  report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
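
The timestamp tcpdump prints with -tttt is the capture time stored in each
pcap record of /var/log/pflog (the file is an ordinary pcap capture with link
type DLT_PFLOG), while the "rule 0/0(match): block out on ste0" part comes
from the pflog header pf prepends to every logged packet. The script below is
an added example, not code from the original mail, from tcpdump or from pf: it
parses both headers directly and prints one timestamped line per packet. It
assumes the 64-byte struct pfloghdr layout (length, af, action, reason,
ifname, ruleset, rulenr, subrulenr, uid, pid, rule_uid, rule_pid, dir) with
the 32-bit fields in network byte order and BSD's AF_INET value of 2, and it
embeds a constructed two-packet capture so it runs offline.

```python
"""Print each packet in a pflog capture (pcap, DLT_PFLOG = 117) with its
capture timestamp instead of pf's running packet counter.
Added example; not from the original mail, tcpdump or pf."""
import socket
import struct
import sys
from datetime import datetime, timezone

DLT_PFLOG = 117
AF_INET = 2   # BSD value of the address-family byte written by pflog
# struct pfloghdr: length, af, action, reason, ifname[16], ruleset[16],
# rulenr, subrulenr, uid, pid, rule_uid, rule_pid, dir, pad[3] = 64 bytes.
# Assumption (as tcpdump's print-pflog.c reads it): 32-bit fields are network order.
PFLOG_HDR = struct.Struct("!BBBB16s16s6IB3x")
PCAP_REC = "IIII"  # ts_sec, ts_usec, incl_len, orig_len (writer's byte order)
PF_ACTIONS = {0: "pass", 1: "block", 2: "scrub"}
PF_REASONS = {0: "match", 1: "bad-offset", 2: "fragment", 3: "short", 4: "normalize", 5: "memory"}
PF_DIRS = {0: "in/out", 1: "in", 2: "out"}

def _tok(table, value):
    return table.get(value, "unkn(%d)" % value)

def pcap_records(data):
    """Yield (ts_sec, ts_usec, packet) from an in-memory pcap file."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"          # little-endian writer (i386, amd64)
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"          # big-endian writer (sparc64, macppc)
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack(end + "HHiIII", data[4:24])[5]
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG" % linktype)
    rec, off = struct.Struct(end + PCAP_REC), 24
    while off + rec.size <= len(data):
        ts_sec, ts_usec, incl_len, _orig = rec.unpack_from(data, off)
        off += rec.size
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len

def parse_pflog_packet(ts_sec, ts_usec, pkt):
    """Decode the pflog header and, for IPv4, the fixed 20-byte IP header."""
    (length, af, action, reason, ifname, _rs, rulenr, subrulenr,
     _uid, _pid, _ruid, _rpid, direction) = PFLOG_HDR.unpack_from(pkt)
    payload = pkt[(length + 3) & ~3:]   # BPF_WORDALIGN(hdr->length), as tcpdump does
    rec = {"time": datetime.fromtimestamp(ts_sec, tz=timezone.utc).replace(microsecond=ts_usec),
           "rule": rulenr, "subrule": subrulenr, "af": af,
           "reason": _tok(PF_REASONS, reason), "action": _tok(PF_ACTIONS, action),
           "dir": _tok(PF_DIRS, direction),
           "ifname": ifname.split(b"\0", 1)[0].decode("ascii", "replace")}
    if af == AF_INET and len(payload) >= 20:
        _vi, tos, tot_len, ident, frag, ttl, proto, _ck, src, dst = struct.unpack("!BBHHHBBH4s4s", payload[:20])
        rec.update(tos=tos, ip_len=tot_len, ip_id=ident, df=bool(frag & 0x4000), ttl=ttl,
                   proto=proto, src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst))
    return rec

def parse_pflog_bytes(data):
    return [parse_pflog_packet(*r) for r in pcap_records(data)]

def format_record(rec):
    """One line per packet, close to tcpdump -tttt -n -v output; time is UTC."""
    line = "%s rule %d/%d(%s): %s %s on %s:" % (
        rec["time"].strftime("%Y-%m-%d %H:%M:%S.%f"), rec["rule"], rec["subrule"],
        rec["reason"], rec["action"], rec["dir"], rec["ifname"])
    if "src" in rec:
        line += " IP (tos 0x%x, ttl %d, id %d, flags [%s], length: %d) %s > %s proto %d" % (
            rec["tos"], rec["ttl"], rec["ip_id"], "DF" if rec["df"] else "none",
            rec["ip_len"], rec["src"], rec["dst"], rec["proto"])
    return line

# --- constructed sample capture (not real traffic) -------------------------
def _ipv4(src, dst, proto, ttl, ident, payload_len, df):
    # Header checksum left zero: the parser above does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000 if df else 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + bytes(payload_len)

def _pflog_rec(ts_sec, ts_usec, ifname, action, reason, rulenr, direction, ip):
    hdr = PFLOG_HDR.pack(61, AF_INET, action, reason, ifname.encode(), b"",
                         rulenr, 0, 0, 0, 0, 0, direction)  # length 61 = header without pad
    pkt = hdr + ip
    return struct.pack("<" + PCAP_REC, ts_sec, ts_usec, len(pkt), len(pkt)) + pkt

SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_PFLOG)
    # 2005-02-25 15:51:17 UTC: rule 0 blocks an outbound 40-byte TCP packet
    + _pflog_rec(1109346677, 123, "ste0", 1, 0, 0, 2, _ipv4("192.0.2.10", "198.51.100.5", 6, 63, 38539, 20, True))
    # half a second later: rule 3 passes an inbound IGMP report
    + _pflog_rec(1109346677, 500123, "ste0", 0, 0, 3, 1, _ipv4("192.0.2.201", "224.0.0.22", 2, 1, 17146, 20, False)))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for rec in parse_pflog_bytes(data):
        print(format_record(rec))
```

Run it without arguments to print the built-in sample, or give it the path
of /var/log/pflog. Timestamps are printed in UTC rather than the local time
tcpdump -tttt shows, IP checksums are not verified, and IPv6 records (af 24 on
FreeBSD) get only the pflog fields.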



More information about the freebsd-questions mailing list