Date: Tue, 4 Apr 2006 16:22:53 +0300
From: husnu demir
To: Bill Marquette
Cc: freebsd-pf@freebsd.org
Subject: Re: Log tag

On Tue, Apr 04, 2006 at 08:10:30AM -0500, Bill Marquette wrote:
> On 4/4/06, Bill Marquette wrote:
> > On 4/4/06, N. Ersen SISECI wrote:
> > >
> > > Hi,
> > >
> > > Is it possible to label the log entries?
> > > We can do it in IPF with set-tag (log=48).
> > > Is there a similar method in PF?
> > >
> > > IPF Rule:
> > > pass in log first quick on bge0 proto tcp from any to 10.1.2.3 port = 22
> > > flags S/SA keep state keep frags set-tag (log=110)
> > >
> > > IPF Log entry:
> > > 04/04/2006 09:26:00.982095 bge0 @0:3 p 10.1.2.3,57221 ->
> > > 192.168.90.12,22 PR tcp len 20 64 -S K-S K-F OUT log-tag 110
> >
> > The "label" keyword is what you want (and gives you a plain text
> > description instead of number?!?!?! ouch).
> >
> > pass in log from foo to bar label "foo to bar rule"
>
> It's early...this was incorrect advice. The labels only show in pfctl
> -sr, not in /dev/pflog0. I'm not sure if there's a way to make this
> show up in /dev/pflog0.

"tcpdump -ttt -e -i pflog0 -n" does show the rule number, so this may be
used as a label :) At least I use that info extensively.

> --Bill

Husnu Demir.
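
The rule-number approach from the reply above, as an added example that is not part of the original message: it joins the rule number printed by tcpdump on pflog0 to the label text that pfctl shows. The sample inputs are constructed, and the "@<nr>" prefix of `pfctl -vv -sr` and the "rule <nr>/" prefix of the tcpdump line are assumed output formats.

```python
import re

# Constructed sample of `pfctl -vv -sr` output (assumed format: "@<nr> <rule text>").
SAMPLE_RULES = '''\
@0 block drop in log all
  [ Evaluations: 120  Packets: 4  Bytes: 240  States: 0 ]
@1 pass in log on bge0 proto tcp from any to 10.1.2.3 port = ssh flags S/SA keep state label "ssh to 10.1.2.3"
  [ Evaluations: 120  Packets: 9  Bytes: 540  States: 1 ]
'''

# Constructed sample of `tcpdump -ttt -e -i pflog0 -n` output (assumed format).
SAMPLE_LOG = '''\
000000 rule 1/0(match): pass in on bge0: 192.168.90.12.57221 > 10.1.2.3.22: S 1:1(0) win 65535
000512 rule 0/0(match): block in on bge0: 192.168.90.40.4431 > 10.1.2.3.23: S 7:7(0) win 65535
000733 rule 7/0(match): pass in on bge0: 192.168.90.12.57300 > 10.1.2.3.22: S 9:9(0) win 65535
'''

RULE_RE = re.compile(r'^@(\d+)\s+(.*)$')
LABEL_RE = re.compile(r'\blabel "([^"]*)"')
LOG_RE = re.compile(r'\brule (\d+)[./]')

def load_labels(pfctl_output):
    """Map rule number -> label (or the rule text when the rule has no label)."""
    labels = {}
    for line in pfctl_output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # counters and other indented detail lines
        nr, text = int(m.group(1)), m.group(2)
        lab = LABEL_RE.search(text)
        labels[nr] = lab.group(1) if lab else text
    return labels

def annotate(log_output, labels):
    """Return (rule_nr, tag, line) per log line; unknown numbers are flagged."""
    out = []
    for line in log_output.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        nr = int(m.group(1))
        # Rule numbers are positional: after a ruleset reload an old log line
        # may reference a number that no longer exists or means another rule.
        out.append((nr, labels.get(nr, "<no such rule in current ruleset>"), line))
    return out

if __name__ == "__main__":
    for nr, tag, line in annotate(SAMPLE_LOG, load_labels(SAMPLE_RULES)):
        print(f"[{tag}] {line}")
```

Because the join key is the rule's position in the loaded ruleset, the pfctl snapshot has to be taken from the same ruleset that produced the log lines.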