--
David L. Strout
Engineering Systems Plus, LLC
----- Original Message -----
Subject: Re: [pfSense Support] firewall logs .... no show
From: [EMAIL PROTECTED]
To: [email protected]
Date: 02-05-2006 1:45 pm
Edit /etc/inc/filter.inc
filter_pflog_start()
On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
>
>
> The command: /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
> Gives logs like this:
>
> 000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 >
> 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024
>
> You'll notice ... NO PROTOCOL INFO !!!
>
> But, a command like this: /usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0
> Gives logs like this:
>
> 000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077,
> offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 >
> 24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win
> 3072
>
> AND You'll notice ... HELLO, THE PROTOCOL INFO is there ready to be egrep'd
> out
>
>
> So my question is this, how do I modify the startup of this tcpdump
> procedure to add the [-v] to see if this actually helps in producing logs in
> the pfS app?
>
> --
> David L. Strout
> Engineering Systems Plus, LLC
>
>
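An added example, not part of the original thread or of pfSense's own code: a small parser for the two `tcpdump -i pflog0` line shapes quoted above, showing that the protocol field can only be recovered when `-v` is present. The function name `parse_pflog` and the regular expressions are assumptions written for this illustration; the sample lines are constructed from the thread's quoted output, unwrapped onto one line each.

```python
import re

# Constructed sample input: the two log lines quoted in the thread, unwrapped.
TERSE = ("000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > "
         "24.39.185.78.1408: S 1674449733:1674449733(0) win 1024")
VERBOSE = ("000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, "
           "offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > "
           "24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072")

# pflog header printed by -e: "<delta> rule N/M(reason): action dir on iface: ..."
HEAD = re.compile(
    r"^(?P<delta>\d+) rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): (?P<rest>.*)$")
# The IP header block appears only with -v; newer tcpdump drops the colon.
PROTO = re.compile(r"proto:? (?P<name>[\w-]+) \((?P<num>\d+)\)")
# IPv4 endpoints; the port suffix is optional so port-less protocols still parse.
ENDS = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?:")

def parse_pflog(line):
    """Return a dict of fields from one pflog0 line, or None if it is not one."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("action", "dir", "iface", "reason")}
    rec["rule"] = int(m.group("rule"))
    rec.update(src=None, dst=None, sport=None, dport=None)
    rest = m.group("rest")
    p = PROTO.search(rest)
    # Without -v there is no "proto" token, so the protocol stays unknown.
    rec["proto"] = p.group("name") if p else None
    rec["proto_num"] = int(p.group("num")) if p else None
    e = ENDS.search(rest)
    if e:
        rec["src"], rec["dst"] = e.group("src"), e.group("dst")
        for k in ("sport", "dport"):
            rec[k] = int(e.group(k)) if e.group(k) else None
    return rec

if __name__ == "__main__":
    for sample in (TERSE, VERBOSE):
        print(parse_pflog(sample))
```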
