From owner-freebsd-questions@FreeBSD.ORG Fri Feb 25 15:51:17 2005
Date: Fri, 25 Feb 2005 17:51:10 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: kilim
cc: freebsd-questions@freebsd.org
Subject: Re: pflog's format
Message-ID: <20050225155110.GA55587@orion.daedalusnetworks.priv>
In-Reply-To: <20050225152810.GA9271@phenix.rootshell.be>
References: <20050225152810.GA9271@phenix.rootshell.be>

On 2005-02-25 16:28, kilim wrote:
> when reading pf's log the messages usually have the following format:
>
> 189977 rule 0/0(match): block out on ste0: IP (tos 0x0, ttl 63, id
> 38539, offset 0, flags [DF], length: 40)
>
> Instead of "xxxxxx number rule" how can I get date and time
> displayed/logged?

Try using tcpdump with the proper options on `/var/log/pflog':

# Wrapped under 80 columns output...
orion:/root# tcpdump -tttt -n -v -r /var/log/pflog | head -5
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
2005-01-10 16:32:54.010282 IP (tos 0x0, ttl 1, id 17146, offset 0, flags [none], length: 40, optlength: 4 ( RA ))
    10.6.0.201 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2005-01-10 16:32:54.687811 IP (tos 0x0, ttl 1, id 17156, offset 0, flags [none], length: 40, optlength: 4 ( RA ))
    10.6.0.201 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2005-01-10 16:33:24.011554 IP (tos 0x0, ttl 1, id 17218, offset 0, flags [none], length: 40, optlength: 4 ( RA ))
    10.6.0.201 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2005-01-10 16:33:24.723533 IP (tos 0x0, ttl 1, id 17219, offset 0, flags [none], length: 40, optlength: 4 ( RA ))
    10.6.0.201 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2005-01-19 11:05:24.429801 IP (tos 0x0, ttl 1, id 22604, offset 0, flags [none], length: 40, optlength: 4 ( RA ))
    10.6.0.202 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
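As an added illustration, not part of the original thread, here is a small Python parser for the timestamped records that `tcpdump -tttt -n -v -r /var/log/pflog` prints, which also accepts the optional `rule 0/0(match): block out on ste0:` pflog header quoted in the question so that blocked traffic can be tallied per source. The sample lines are constructed from the thread's output (one record per line, unwrapped); the field names and the `blocked_by_source` helper are my own choices, not part of tcpdump or pf.

```python
import re
from collections import Counter

# Constructed sample in the shape of `tcpdump -tttt -n -v -r /var/log/pflog`
# output, one record per line. The second and third records also carry the
# pflog header ("rule 0/0(match): block out on ste0") quoted in the question.
SAMPLE_LOG = """\
2005-01-10 16:32:54.010282 IP (tos 0x0, ttl 1, id 17146, offset 0, flags [none], length: 40, optlength: 4 ( RA )) 10.6.0.201 > 224.0.0.22: igmp v3 report, 1 group record(s)
2005-01-10 16:33:24.011554 rule 0/0(match): block out on ste0: IP (tos 0x0, ttl 63, id 38539, offset 0, flags [DF], length: 40) 10.6.0.201.49152 > 192.0.2.7.22: S, seq 1, win 65535
2005-01-19 11:05:24.429801 rule 0/0(match): block out on ste0: IP (tos 0x0, ttl 63, id 38540, offset 0, flags [DF], length: 40) 10.6.0.202.49153 > 192.0.2.7.22: S, seq 1, win 65535
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) "      # -tttt timestamp
    r"(?:rule (?P<rule>\d+/\d+)\((?P<reason>\w+)\): "            # optional pflog header
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): )?"
    r"IP \((?P<iphdr>.*?)\) (?P<src>\S+) > (?P<dst>[^:]+): (?P<rest>.*)$"
)
# Numeric fields inside the "IP (...)" header; \b keeps "optlength" from matching "length".
FIELD_RE = re.compile(r"\b(tos|ttl|id|offset|length):? ([^,\s]+)")


def parse_line(line: str):
    """Return a dict for one tcpdump/pflog record, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()          # absent pflog-header fields come back as None
    hdr = rec.pop("iphdr")
    for key, val in FIELD_RE.findall(hdr):
        rec[key] = int(val, 16) if val.startswith("0x") else int(val)
    flags = re.search(r"flags \[([^\]]*)\]", hdr)
    rec["flags"] = flags.group(1) if flags else ""
    return rec


def parse_log(text: str):
    """Parse every record line of a tcpdump dump, skipping banners and junk."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def blocked_by_source(records):
    """Count packets pf blocked, per source address (trailing port stripped)."""
    tally = Counter()
    for r in records:
        if r["action"] == "block":
            src = r["src"]
            if src.count(".") == 4:          # IPv4 with a port suffix, e.g. 10.6.0.201.49152
                src = src.rsplit(".", 1)[0]
            tally[src] += 1
    return tally
```

Run it on real data with `tcpdump -tttt -n -v -e -r /var/log/pflog` piped in (the `-e` flag is what makes tcpdump print the rule/action header on pflog files); the record layout may differ slightly between tcpdump versions, so check the regex against your own output first.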