From owner-freebsd-pf@FreeBSD.ORG Mon Mar 17 14:17:22 2008
From: "Stephan F. Yaraghchi"
Sender: yaraghchi@gmail.com
To: freebsd-pf@freebsd.org
Date: Mon, 17 Mar 2008 14:50:18 +0100
Message-ID: <25f52a3d0803170650j72beaeev51105ed0713f7867@mail.gmail.com>
Subject: watching the log in real time
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hi,

I have a question concerning the logging of pf on FreeBSD 7.0-RELEASE.

When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time I'm
getting pretty brief output like:

2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]

When I look back into the history of the log with 'tcpdump -netttt -r
/var/log/pflog' the output is much more verbose:

2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: 192.168.204.4.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)

What do I have to do to see that much info while watching the log in real time?

-- 
Mit freundlichen Grüßen / with kind regards
+++ stephan f. yaraghchi +++
mail: stephan at yaraghchi dot org
www.deine-stimme-gegen-armut.de
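A small parser for the 'tcpdump -netttt' pflog output shown in the message above, added here as an example and not part of the original post or of FreeBSD's tools. It splits each line into timestamp, rule, action, direction, interface and addresses, and flags records whose packet part is only a marker such as "[|ip]", which tcpdump prints when the captured bytes are too short to decode the IP header; such records cannot be attributed to a source, so the summary counts them separately. It assumes IPv4 addresses in the "a.b.c.d.port" form seen in the post and that any packet part beginning with "[|" is a truncation marker.

```python
import re
from collections import Counter

# One `tcpdump -netttt` line on pflog0 as in the post: timestamp, rule N/M(reason),
# action, direction, interface, then the packet part (decoded or "[|ip]").
PFLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) rule (?P<rule>\d+)/\d+\(\w+\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>\S+): (?P<rest>.*)$")
# Packet part when the IP header was captured: "src.sport > dst.dport: proto" (IPv4 assumed)
ADDR_RE = re.compile(
    r"^(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<proto>.*)$")

def parse_line(line):
    """Parse one pflog line into a dict, or None for a non-pflog line. "[|ip]" is
    tcpdump's truncation marker: the record gets truncated=True and no addresses."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "rule", "action", "dir", "ifname")}
    rest = m.group("rest")
    rec["truncated"] = rest.startswith("[|")
    a = ADDR_RE.match(rest)
    if a:
        rec.update(src=a.group("src"), sport=int(a.group("sport")),
                   dst=a.group("dst"), dport=int(a.group("dport")),
                   proto=a.group("proto"))
    return rec

def summarise(lines):
    """Count blocked packets per (source, dport); truncated records are counted
    separately because they cannot be attributed to a source."""
    per_src, truncated = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "block":
            continue
        if rec["truncated"]:
            truncated += 1
        elif "src" in rec:
            per_src[(rec["src"], rec["dport"])] += 1
    return per_src, truncated

# Constructed sample: two lines shaped like the post's live capture, two like its replay.
SAMPLE = """\
2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: 192.168.204.10.138 > 192.168.204.255.138: NBT UDP PACKET(138)
""".splitlines()
```

Running summarise(SAMPLE) on the constructed lines attributes the two decoded blocks to 192.168.204.10 port 138 and reports two truncated records that a live capture with too small a snapshot length leaves unattributable.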