# ls -la /etc/inc/filter.inc
-rw-r--r-- 1 root wheel 74780 Feb 5 13:46 /etc/inc/filter.inc
# uname -a
FreeBSD pfsense.geekgod.com 6.0-STABLE FreeBSD 6.0-STABLE #0: Sat Feb 4 01:24:58 UTC 2006 [EMAIL PROTECTED]:/usr/obj.pfSense/usr/src/sys/pfSense.6 i386

On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> No such directory .... /etc/inc/
> --
> David L. Strout
> Engineering Systems Plus, LLC
>
>
> ----- Original Message -----
> Subject: Re: [pfSense Support] firewall logs .... no show
> From: [EMAIL PROTECTED]
> To: [email protected]
> Date: 02-05-2006 1:45 pm
>
>
> Edit /etc/inc/filter.inc
>
> filter_pflog_start()
>
> On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> >
> >
> > The command: /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
> > Gives logs like this:
> >
> > 000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 >
> > 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024
> >
> > You'll notice ... NO PROTOCOL INFO !!!
> >
> > But, a command like this: /usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0
> > Gives logs like this:
> >
> > 000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077,
> > offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 >
> > 24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win
> > 3072
> >
> > AND You'll notice ... HELLO, THE PROTOCOL INFO is there ready to be
> > egrep'd out
> >
> >
> > So my question is this, how do I modify the startup of this tcpdump
> > procedure to add the [-v] to see if this actually helps in producing logs
> > in the pfS app?
> >
> > --
> > David L. Strout
> > Engineering Systems Plus, LLC
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
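
The difference between the two tcpdump outputs quoted in the thread, shown as a small parser. This is an added example, not part of the original messages and not pfSense's own filter.inc code; the function name `parse_pflog_line` and the field names are made up for illustration, and the sample lines are the two from the thread with the e-mail line wraps joined.

```python
import re

# Fixed prefix that tcpdump -e prints for every pflog0 record.
HEAD = re.compile(
    r"^(?P<delta>\d+) rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): (?P<rest>.*)$"
)
# In the thread's samples "proto: TCP (6)" shows up only in the -v output.
PROTO = re.compile(r"proto:? (?P<name>\w+) \((?P<num>\d+)\)")
# IPv4 endpoint; the port, when present, is a fifth dotted field.
ADDR = r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))?"
FLOW = re.compile(ADDR + r" > " + ADDR + r":")


def parse_pflog_line(line):
    """Parse one joined tcpdump pflog0 line; return a dict, or None if it does not match."""
    head = HEAD.match(line.strip())
    if head is None:
        return None
    rec = head.groupdict()
    rest = rec.pop("rest")
    proto = PROTO.search(rest)
    rec["proto"] = proto.group("name") if proto else None  # None without -v
    flow = FLOW.search(rest)
    if flow is None:
        return None
    rec["src"], rec["sport"], rec["dst"], rec["dport"] = flow.groups()
    return rec


# The two sample lines from the thread, with the e-mail line wraps joined.
PLAIN = ("000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > "
         "24.39.185.78.1408: S 1674449733:1674449733(0) win 1024")
VERBOSE = ("000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, "
           "offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > "
           "24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072")

if __name__ == "__main__":
    for sample in (PLAIN, VERBOSE):
        print(parse_pflog_line(sample))
```

Both lines yield rule, action, interface and endpoints, but only the `-v` line yields a protocol, which is the field missing from the non-verbose output.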
