From: "Stephan F. Yaraghchi"
Sender: yaraghchi@gmail.com
To: "CZUCZY Gergely"
Cc: freebsd-pf@freebsd.org
Date: Mon, 17 Mar 2008 16:05:48 +0100
Subject: Re: watching the log in real time
Message-ID: <25f52a3d0803170805g7fc3e782qfe2e85abe861a4b1@mail.gmail.com>
In-Reply-To: <20080317152212.00227d1c@twoflower.in.publishing.hu>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Cheers mate! You solved my problem...

On Mon, Mar 17, 2008 at 3:22 PM, CZUCZY Gergely wrote:
> On Mon, 17 Mar 2008 14:50:18 +0100
> "Stephan F. Yaraghchi" wrote:
>
> > Hi,
> Hello,
>
> > I have a question concerning the logging of pf on FreeBSD 7.0-RELEASE.
> >
> > When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time
> > I'm getting pretty brief output like:
> >
> > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]
> [| means that it wasn't able to decode the packet any further, because the
> snaplength is too small. Adjust it with -s, and check man tcpdump.
>
> > When I look back into the history of the log with 'tcpdump -netttt -r
> > /var/log/pflog' the output is much more verbose:
> >
> > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1:
> > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1:
> > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1:
> > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1:
> > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1:
> > 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1:
> > 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1:
> > 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1:
> > 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
> >
> > What do I have to do to see that much info while watching the log in real
> > time?
>
> --
> Regards,
>
> Czuczy Gergely
> Harmless Digital Bt
> mailto: gergely.czuczy@harmless.hu
> Tel: +36-30-9702963

-- 
Mit freundlichen Grüßen / with kind regards
+++ stephan f. yaraghchi +++ lychener str. 61a +++ 10437 berlin, germany +++
+++ mail stephan@yaraghchi.org +++ phone +49 30 44650068 +++ cell +49 172 3111534
www.deine-stimme-gegen-armut.de
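As an added example (not part of the thread or of FreeBSD), the POSIX shell script below shows the practical side of the snaplen point discussed above: it tallies `tcpdump -netttt` pflog output per action/direction/interface/src/dst, counts the lines whose decode stopped at `[|` (the symptom of a snaplen that ends inside the pflog pseudo-header plus IP header), and builds the live-watch command line with an explicit `-s`. The sample input is constructed from the lines quoted in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: check tcpdump pflog output for
# truncated decodes and summarize the fully decoded lines.

# Constructed sample input, copied from the output quoted in the thread.
SAMPLE_LIVE='2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]'

SAMPLE_FILE='2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)'

# count_truncated TEXT: number of lines tcpdump could not decode past the
# pflog header; they end in "[|ip]" or a similar "[|proto]" marker.
count_truncated() {
    printf '%s\n' "$1" | grep -c '\[|' || :
}

# pflog_summarize TEXT: one line per "action dir ifname src > dst" with its
# hit count, then a final "truncated N" line. Field positions follow the
# "tcpdump -netttt" pflog layout:
#   date time rule N/M(match): action dir on ifname: src > dst: ...
pflog_summarize() {
    printf '%s\n' "$1" | awk '
        index($0, "[|") > 0 { truncated++; next }   # decode cut short
        NF >= 11 {
            ifn = $8;  sub(/:$/, "", ifn)           # strip trailing colon
            dst = $11; sub(/:$/, "", dst)
            key = $5 " " $6 " " ifn " " $9 " > " dst
            count[key]++
        }
        END {
            for (k in count) print count[k], k
            print "truncated", truncated + 0
        }' | sort
}

# pflog_watch_cmd [SNAPLEN]: the live-watch command with an explicit snaplen.
# 0 tells tcpdump to capture whole packets; a fixed value such as 160 is
# enough for the pflog header plus IP/TCP/UDP headers on typical traffic.
pflog_watch_cmd() {
    printf 'tcpdump -netttt -s %s -i pflog0\n' "${1:-0}"
}

# Demo: the live sample is entirely truncated, the file sample decodes fully.
pflog_summarize "$SAMPLE_LIVE"
pflog_summarize "$SAMPLE_FILE"
pflog_watch_cmd 160
```

Why the file reads fine while the live watch does not: pflogd(8) writes /var/log/pflog with its own, larger default snaplen (adjustable with its -s flag), whereas a tcpdump started by hand on pflog0 only gets tcpdump's default snaplen, a good part of which the per-packet pflog pseudo-header already consumes. Passing -s explicitly on the live command removes the difference; if you later need to compare live and archived output, use the same -s value for both.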