From owner-freebsd-security Thu Feb 28 18:36:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by hub.freebsd.org (Postfix) with ESMTP id D476337B405 for ; Thu, 28 Feb 2002 18:36:45 -0800 (PST)
Received: from isc.org (localhost.dv.isc.org [127.0.0.1]) by drugs.dv.isc.org (8.11.6/8.11.2) with ESMTP id g212aA104411; Fri, 1 Mar 2002 13:36:13 +1100 (EST) (envelope-from marka@isc.org)
Message-Id: <200203010236.g212aA104411@drugs.dv.isc.org>
To: "Christian Gielstrup"
Cc: freebsd-security@freebsd.org
From: Mark.Andrews@isc.org
Subject: Re: resolve ipaddr and ports in logs
In-reply-to: Your message of "Fri, 01 Mar 2002 03:09:22 BST." <004b01c1c0c6$1b413380$7800000a@gielstrup.dk>
Date: Fri, 01 Mar 2002 13:36:10 +1100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Greetings from Denmark..
>
> Is it possible to have the ipaddresses and ports resolved on the rules
> that are logged?
> I mean similar to the output produced by ipfw -N s
>
> E.g. every connection reaching to my last reachable rule (/sbin/ipfw a
> 999 deny l a f a t a). (Default 65535 rule is missing the log option)
> It would be nice if ip's and ports could be resolved into names, via
> DNS, host file and the services file.
> I realize the extra load this could give a fw under "attack", but who
> isn't limiting the log amount.

You want the kernel to perform DNS lookups for you?
Just post process the logs if you want this information.

Mark

>
> Best regards,
>
> Christian
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
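
The post-processing suggested in the reply, sketched as an added example that is not part of the original message or of ipfw: it rewrites logged TCP/UDP endpoints with names from the resolver and the services database, caching each lookup. The log line layout, the sample line and the names `make_annotator`, `dns_name` and `service_name` are assumptions made for illustration.

```python
import re
import socket
import sys
from functools import lru_cache
# Assumed ipfw syslog layout: "ipfw: <rule> <Action> <PROTO> <src>:<port> <dst>:<port> ..."
PROTO = re.compile(r"ipfw: \d+ \w+ (TCP|UDP) ")
ENDPOINT = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,253}")
# Constructed sample line, not taken from the thread.
SAMPLE = ("Feb 28 18:36:50 fw /kernel: ipfw: 999 Deny TCP "
          "192.0.2.10:4321 10.0.0.5:80 in via xl0")

def dns_name(ip):
    try:  # system resolver: hosts file and DNS
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def service_name(port, proto):
    try:  # services database
        return socket.getservbyport(port, proto)
    except (OSError, OverflowError):
        return None

def make_annotator(host_lookup=dns_name, serv_lookup=service_name):
    # Cache results so a burst of hits from one source costs one lookup.
    host = lru_cache(maxsize=4096)(host_lookup)
    serv = lru_cache(maxsize=4096)(serv_lookup)

    def annotate(line):
        m = PROTO.search(line)
        if not m:
            return line  # not a TCP/UDP ipfw entry: pass through unchanged
        proto = m.group(1).lower()

        def repl(ep):
            ip, port = ep.group(1), int(ep.group(2))
            name, svc = host(ip), serv(port, proto)
            # Reverse DNS is set by whoever controls the address block, so
            # reject odd names and keep the numeric values beside any name.
            if name and SAFE_NAME.fullmatch(name):
                ip = f"{name}[{ip}]"
            return f"{ip}:{svc}({port})" if svc else f"{ip}:{port}"

        return ENDPOINT.sub(repl, line)
    return annotate

if __name__ == "__main__":  # usage: python3 resolve_ipfw.py < logfile
    sys.stdout.writelines(map(make_annotator(), sys.stdin))
```

Running it away from the firewall host keeps resolver latency and failures out of the packet path, and the numeric address stays in every rewritten entry so the record does not depend on a name the remote side controls.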