Thanks! I just committed this patch.
In the future please submit patches as unified diffs (-u).
Thanks again!
Scott
On 8/9/05, M. Kohn <[EMAIL PROTECTED]> wrote:
> Ok, ok, I'll reply to my own post...
>
> > It is not a "realtime" logger? I can see a bunch of log
> > entries only every 5-10 minutes on the remote syslog system
> > and the web pages.
> >
> > And on the pfSense system pflogd is running with
> > "-s 2147483647" as snaplen (2 GB?).
>
> I tried the following patch for /etc/inc/filter.inc:
>
> 52c52
> < mwexec("/sbin/ifconfig pflog0 up && pflogd -sD");
> ---
> > mwexec("/sbin/ifconfig pflog0 up && pflogd");
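
Review bot: Dropping -sD on line 52 changes the capture length as a side effect, and nothing in the hunk says so: the ps output further down shows pflogd now running with -s 116, where the earlier report had -s 2147483647. If 116 bytes per packet is the intended value, pass it explicitly (pflogd -s 116) or add a comment on this line, so the snaplen does not silently follow whatever pflogd uses when no -s is given. The hunk is also in normal diff format with no file header; a unified diff (diff -u) would carry the path /etc/inc/filter.inc and context lines.
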
> 54c54
> < mwexec_bg("/usr/sbin/tcpdump -n -e -ttt -i pflog0 | logger -t pf -p
> local0.info");
> ---
> > mwexec_bg("/usr/sbin/tcpdump -l -n -e -ttt -i pflog0 | logger -t pf
> > -p local0.info");
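
Review bot: The changed line 54 is wrapped by the mailer in both its old and new form (before "local0.info" in one, before "-p" in the other), so this hunk will not apply as sent; attach the patch or regenerate it with diff -u. The only functional change is the added -l on tcpdump, and since the near-realtime logging depends on it, a short comment above the mwexec_bg() call saying that -l makes tcpdump's stdout line-buffered into logger would keep it from being removed later.
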
>
> Now the packet filter logs (nearly) realtime to my syslog host.
> And the snaplen now shows 116 bytes.
>
> <-- snip -->
> 266 ?? Is 0:00.00 pflogd: [priv] (pflogd)
> 269 ?? S 0:00.02 pflogd: [running] -s 116 -f /var/log/pflog (pflogd)
> 268 con- S 0:00.03 /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
> <-- snip -->
>
> Is there any reason not to start pflogd/tcpdump in such a way?
>
> > BTW: I also can't traceroute to the firewall wan-interface,
> > ping is OK. Rules for ACCESS UDP are added. There are no
> > log entries for these packets.
>
> Any thoughts on why traceroute is not working? I enabled UDP
> port 33465:33495 (30 hops), enabled ICMP "time exceeded"
> but pfSense doesn't respond... Even when I allow all ICMP,
> there is no response....
>
> Regards,
> Michael
>