Well, I wish I could say the same here .... I have
UDPs showing up but not TCP.
all I have in the formatted view ...
Jan 7 16:54:57 WAN 66.67.229.184:27336
24.39.185.77:1026 UDP
and here is the raw view ...
Jan 7 16:42:43 pf: tcpdump: WARNING: pflog0: no
IPv4 address assigned
Jan 7 16:42:43 pf: tcpdump: verbose output
suppressed, use -v or -vv for full protocol decode
Jan 7 16:42:43 pf: listening on pflog0, link-type
PFLOG (OpenBSD pflog file), capture size 96 bytes
Jan 7 16:42:53 pf: 000000 rule 34/0(match): block
in on fxp1: 24.39.106.226.9662 > 24.39.185.77.445:
S 1507362970:1507362970(0) win 64240 <mss
1440,nop,nop,sackOK>
Jan 7 16:42:56 pf: 2. 981098 rule 34/0(match):
block in on fxp1: 24.39.106.226.9662 >
24.39.185.77.445: S 1507362970:1507362970(0) win
64240 <mss 1440,nop,nop,sackOK>
Jan 7 16:44:00 pf: 63. 695454 rule 34/0(match):
block in on fxp1: 24.39.106.235.3157 >
24.39.185.77.445: S 351758237:351758237(0) win
16384 <mss 1460,nop,nop,sackOK>
Jan 7 16:44:03 pf: 2. 962854 rule 34/0(match):
block in on fxp1: 24.39.106.235.3157 >
24.39.185.77.445: S 351758237:351758237(0) win
16384 <mss 1460,nop,nop,sackOK>
Jan 7 16:44:09 pf: 6. 004534 rule 34/0(match):
block in on fxp1: 24.39.106.235.3157 >
24.39.185.77.445: S 351758237:351758237(0) win
16384 <mss 1460,nop,nop,sackOK>
Jan 7 16:44:15 pf: 5. 851681 rule 34/0(match):
block in on fxp1: 24.35.87.80.2464 >
24.39.185.77.135: S 2356626664:2356626664(0) win
16384 <mss 1460,nop,nop,sackOK>
Jan 7 16:47:54 pf: 220. 070837 rule 34/0(match):
block in on fxp1: 24.39.25.127.1555 >
24.39.185.77.445: S 2165178012:2165178012(0) win
64512 <mss 1460,nop,nop,sackOK>
Jan 7 16:47:57 pf: 2. 960298 rule 34/0(match):
block in on fxp1: 24.39.25.127.1555 >
24.39.185.77.445: S 2165178012:2165178012(0) win
64512 <mss 1460,nop,nop,sackOK>
Jan 7 16:54:57 pf: 419. 945844 rule 34/0(match):
block in on fxp1: 66.67.229.184.27336 >
24.39.185.77.1026: UDP, length 1052
--
David L. Strout
Engineering Systems Plus, LLC
----- Original Message -----
Subject: Re: Re: Re: [pfSense Support] RE: LOGGING
ISSUE
From: [EMAIL PROTECTED]
To: [email protected]
Date: 01-07-2006 4:50 pm
> I really don't know what to say, I'm staring at
5+ TCP entries in my
> system logs.
>
> On 1/7/06, David Strout <[EMAIL PROTECTED]>
wrote:
> > OK, I updated the file to the version
reccommended
> > and rebooted and still I get the same
results.....
> >
> > # head /usr/local/www/diag_logs_filter.php
> > <?php
> > /* $Id: diag_logs_filter.php,v 1.46.2.8
2006/01/07
> > 21:21:01 sullrich Exp $ */
> > /*
> > diag_logs_filter.php
> > part of pfSesne by Scott Ullrich
> > originally based on m0n0wall
> > (http://m0n0.ch/wall)
> >
> > Copyright (C) 2003-2004 Manuel Kasper
> > <[EMAIL PROTECTED]>.
> > All rights reserved.
> >
> > #
> >
> >
> > --
> > David L. Strout
> > Engineering Systems Plus, LLC
> >
> > ----- Original Message -----
> > Subject: Re: Re: [pfSense Support] RE: LOGGING
> > ISSUE
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> > Date: 01-07-2006 4:24 pm
> >
> >
> > > Okay I can reproduce this one (TCP).
> > >
> > > Update
> > >
> > > /usr/local/www/diag_logs_filter.php
> > >
> > > with:
> > >
> > >
> >
http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/usr/local/www/diag_logs_filter.php?rev=1.46.2.8;content-type=application%2Fx-httpd-php;only_with_tag=RELENG_1
> > >
> > > Use Diagnostics->Edit File.
> > >
> > > On 1/7/06, David Strout
<[EMAIL PROTECTED]>
> > wrote:
> > > > Well I can't reproduce that here.
> > > >
> > > > Tried both IE & FF and I get the same
thing.
> > > >
> > > > Seems that UDP entries are showing up just
> > fine,
> > > > but TCP is the "no-show" ... when I view
the
> > logs
> > > > "raw" they are all there.
> > > >
> > > >
> > > > ----- Original Message -----
> > > > Subject: Re: [pfSense Support] RE: LOGGING
> > ISSUE
> > > > From: [EMAIL PROTECTED]
> > > > To: [email protected]
> > > > Date: 01-07-2006 3:34 pm
> > > >
> > > >
> > > > > I am not seeing that. Logs are showing
> > just
> > > > fine here.
> > > > >
> > > > > On 1/7/06, David Strout
> > <[EMAIL PROTECTED]>
> > > > wrote:
> > > > > > OK, after rebuilding and applying the
> > latest
> > > > tgz
> > > > > > update I now get nothing in the
> > "formatted"
> > > > logs
> > > > > > but I see all of the files with the
"show
> > raw
> > > > > > logs" option checked.
> > > > > >
> > > > > > --
> > > > > > David L. Strout
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> >
---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> >
---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > For additional commands, e-mail:
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > > >
> > > >
> >
---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> >
---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> >
> >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> > For additional commands, e-mail:
[EMAIL PROTECTED]
> >
> >
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
