From owner-freebsd-pf@FreeBSD.ORG  Tue Apr  4 13:10:32 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8804516A401
	for <freebsd-pf@freebsd.org>; Tue,  4 Apr 2006 13:10:32 +0000 (UTC)
	(envelope-from bill.marquette@gmail.com)
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.198])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E158843D46
	for <freebsd-pf@freebsd.org>; Tue,  4 Apr 2006 13:10:31 +0000 (GMT)
	(envelope-from bill.marquette@gmail.com)
Received: by uproxy.gmail.com with SMTP id m3so871874ugc
	for <freebsd-pf@freebsd.org>; Tue, 04 Apr 2006 06:10:30 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=FGVJl46TJnE+S9khsa09zNBj4cSm3DCYUano8/UAZpQxeJ1+qCzlXMZ+PAHFYl0hAiKoM1BQbm+FVNLvFrdwMzyvlWELUSFb3nlHgi7c2w8thwdfkTKVK5QriBQVZnJ74Aqgwy/FWJdj7LvJOedBKtCMNW1uyaRp9ZdRE7RKFgo=
Received: by 10.78.39.16 with SMTP id m16mr167521hum;
	Tue, 04 Apr 2006 06:10:30 -0700 (PDT)
Received: by 10.78.46.14 with HTTP; Tue, 4 Apr 2006 06:10:30 -0700 (PDT)
Message-ID: <55e8a96c0604040610s6be12570m77293780b0c0e7c5@mail.gmail.com>
Date: Tue, 4 Apr 2006 08:10:30 -0500
From: "Bill Marquette" <bill.marquette@gmail.com>
To: freebsd-pf@freebsd.org
In-Reply-To: <55e8a96c0604040501y719b4241ue9d989263797c8dc@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <1144132192.47587.8.camel@siseci.gdg.gov.tr>
	<55e8a96c0604040501y719b4241ue9d989263797c8dc@mail.gmail.com>
Subject: Re: Log tag
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Apr 2006 13:10:32 -0000

On 4/4/06, Bill Marquette <bill.marquette@gmail.com> wrote:
> On 4/4/06, N. Ersen SISECI <siseci@gmail.com> wrote:
> >
> >
> > Hi,
> >
> > Is it possible to label the log entries?
> > We can do it in IPF with set-tag (log=3D48).
> > Is there a similiar method in PF?
> >
> >
> > IPF Rule:
> > pass in log first quick on bge0 proto tcp from any to 10.1.2.3 port =3D=
 22
> > flags S/SA keep state keep frags set-tag (log=3D110)
> >
> > IPF Log entry:
> > 04/04/2006 09:26:00.982095 bge0 @0:3 p 10.1.2.3,57221 ->
> > 192.168.90.12,22 PR tcp len 20 64 -S K-S K-F OUT log-tag 110
>
> The "label" keyword is what you want (and gives you a plain text
> description instead of number?!?!?! ouch).
>
> pass in log from foo to bar label "foo to bar rule"

It's early...this was incorrect advice.  The labels only show in pfctl
-sr, not in /dev/pflog0.  I'm not sure if there's a way to make this
show up in  /dev/pflog0.

--Bill