Date: Mon, 17 Mar 2008 16:05:48 +0100
From: "Stephan F. Yaraghchi" <stephan@yaraghchi.org>
To: "CZUCZY Gergely" <gergely.czuczy@harmless.hu>
Cc: freebsd-pf@freebsd.org
Subject: Re: watching the log in real time
Message-ID: <25f52a3d0803170805g7fc3e782qfe2e85abe861a4b1@mail.gmail.com>
In-Reply-To: <20080317152212.00227d1c@twoflower.in.publishing.hu>
References: <25f52a3d0803170650j72beaeev51105ed0713f7867@mail.gmail.com> <20080317152212.00227d1c@twoflower.in.publishing.hu>

Cheers mate! You solved my problem...

On Mon, Mar 17, 2008 at 3:22 PM, CZUCZY Gergely <gergely.czuczy@harmless.hu> wrote:
> On Mon, 17 Mar 2008 14:50:18 +0100
> "Stephan F. Yaraghchi" <stephan@yaraghchi.org> wrote:
>
> > Hi,
> Hello,
>
> > I have a question concerning the logging of pf on FreeBSD 7.0-RELEASE.
> >
> > When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time
> > I'm getting pretty brief output like:
> >
> > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]
> [| means that it wasn't able to decode the packet further, because the
> snaplength is too small. Adjust it with -s, and check man tcpdump
>
> > When I look back into the history of the log with 'tcpdump -netttt -r
> > /var/log/pflog' the output is much more verbose:
> >
> > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> >
> > What do I have to do to see that much info while watching the log in real
> > time?
>
> --
> Regards,
>
> Czuczy Gergely
> Harmless Digital Bt
> mailto: gergely.czuczy@harmless.hu
> Tel: +36-30-9702963

-- 
With kind regards

+++ stephan f. yaraghchi
+++ lychener str. 61a
+++ 10437 berlin, germany
+++
+++ mail stephan@yaraghchi.org
+++ phone +49 30 44650068
+++ cell +49 172 3111534

www.deine-stimme-gegen-armut.de
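
Added example, not part of the original thread: a small shell helper that triages saved `tcpdump -netttt` output from pflog0, counting entries cut off at the snap length (the `[|ip]` marker discussed above) and summarising the ones that decoded. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saved `tcpdump -netttt` output from pflog0.

# Constructed sample in the format quoted in the thread: two entries cut
# off at the snap length, two fully decoded.
sample_log() {
cat <<'EOF'
2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
EOF
}

# Count entries tcpdump could not decode past the snap length ("[|proto]").
count_truncated() {
    awk 'index($0, "[|") { n++ } END { print n + 0 }'
}

# Summarise decoded entries as "count action dir iface src > dst".
# tcpdump -n appends the port as a fifth dotted field (".138" here).
summarise_decoded() {
    awk '
        index($0, "[|") { next }
        $3 == "rule" && $10 == ">" {
            iface = $8;  sub(/:$/, "", iface)
            dst   = $11; sub(/:$/, "", dst)
            seen[$5 " " $6 " " iface " " $9 " > " dst]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -rn
}

# Return 1 with a hint on stderr if any entry was truncated.
check_capture() {
    cut=$(count_truncated)
    if [ "$cut" -gt 0 ]; then
        echo "$cut truncated entries: raise the snap length with tcpdump -s" >&2
        return 1
    fi
}

sample_log | summarise_decoded
echo "truncated entries: $(sample_log | count_truncated)"
```
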