On Sat, Feb 01, 2003 at 10:54:44PM -0500, Jason Dixon wrote: > I just noticed an odd entry into one of my firewall's logs earlier this > evening. It looks like this: > > Feb 1 21:10:02 cortez pf: cookie: > d581cae75f749704->0000000000000000 msgid: 00000000 len: 680
This is printed by tcpdump's print-ike.c, pf logged an IPsec/IKE packet and you ran tcpdump with options to print the protocol header. The line you quoted is preceded by other lines for the same packet, which will show the IP source and destination address. Why this is turning up in syslog, I don't know. You must have some process running that syslogs tcpdump'ed pflog packets... Daniel
