I beg your pardon ... I installed it from the pfsense.iso from http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-2-06/

# uname -a
FreeBSD espfwvpn2.espmaine.net 6.0-STABLE FreeBSD 6.0-STABLE #0: Fri Feb 3 21:11:08 UTC 2006 [EMAIL PROTECTED]:/usr/obj.pfSense/usr/src/sys/pfSense.6 i386

Think someone should look at the ISO's ... might be nice to post md5s also and maybe check them against the ones you have running "successfully" prior to posting them.

--
David L. Strout
Engineering Systems Plus, LLC

----- Original Message -----
Subject: Re: Re: [pfSense Support] firewall logs .... no show
From: [EMAIL PROTECTED]
To: [email protected]
Date: 02-05-2006 1:53 pm

> Uhh, then you're not on a pfSense box?
>
> On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED]:~# find / -name filter.inc
> > [EMAIL PROTECTED]:~#
> >
> > [EMAIL PROTECTED]:~# ls -al /etc/inc
> > /usr/bin/ls: /etc/inc: No such file or directory
> >
> > --
> > David L. Strout
> > Engineering Systems Plus, LLC
> >
> > ----- Original Message -----
> > Subject: Re: [pfSense Support] firewall logs .... no show
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> > Date: 02-05-2006 1:48 pm
> >
> > > Looks like you may have solved this issue. -v seems to be forcing
> > > the protocol and then the regex can do its magic.
> > >
> > > Nice work.
> > >
> > > On 2/5/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > > Edit /etc/inc/filter.inc
> > > >
> > > > filter_pflog_start()
> > > >
> > > > On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> > > > > The command: /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
> > > > > Gives logs like this:
> > > > >
> > > > > 000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024
> > > > >
> > > > > You'll notice ... NO PROTOCOL INFO !!!
> > > > >
> > > > > But, a command like this: /usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0
> > > > > Gives logs like this:
> > > > >
> > > > > 000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > 24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072
> > > > >
> > > > > AND You'll notice ... HELLO, THE PROTOCOL INFO is there ready to be egrep'd out
> > > > >
> > > > > So my question is this, how do I modify the startup of this tcpdump
> > > > > procedure to add the [-v] to see if this actually helps in producing logs in
> > > > > the pfS app?
> > > > >
> > > > > --
> > > > > David L. Strout
> > > > > Engineering Systems Plus, LLC!

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
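
Added example, not part of the original thread and not pfSense's own filter.inc code: a small parser for the two tcpdump pflog0 line shapes quoted above, showing that the protocol field can only be recovered from the -v form. The regexes and the function name parse_pflog_line are assumptions made for illustration, and only IPv4 addr.port endpoints are handled.

```python
import re

# Sample lines copied from the thread (tcpdump -l -n -e -ttt [-v] -i pflog0).
PLAIN = ("000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > "
         "24.39.185.78.1408: S 1674449733:1674449733(0) win 1024")
VERBOSE = ("000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, "
           "id 11077, offset 0, flags [none], proto: TCP (6), length: 40) "
           "24.39.185.75.34774 > 24.39.185.78.80: S, cksum 0xaaa2 (correct), "
           "1576235070:1576235070(0) win 3072")

# pflog header printed because of -e: rule number, action, direction, interface.
HEADER = re.compile(
    r"^\S+ rule (?P<rule>\d+)/\d+\([^)]*\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): (?P<rest>.*)$")
# Parenthesised IP header summary that only appears with -v.
# The colon after "proto" is optional (assumption: some tcpdump builds omit it).
IPHDR = re.compile(r"^\(.*?proto:? (?P<proto>\w+) \(\d+\).*?\) (?P<rest>.*)$")
# IPv4 endpoints in tcpdump's addr.port notation.
FLOW = re.compile(r"^(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
                  r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):")

def parse_pflog_line(line):
    """Return a dict for one pflog0 line, or None if it is not a pflog entry.

    'proto' is None when the line came from tcpdump without -v, which is
    the case where a protocol-matching regex downstream finds nothing.
    """
    head = HEADER.match(line.strip())
    if head is None:
        return None
    entry = {k: head.group(k) for k in ("rule", "action", "dir", "iface")}
    rest = head.group("rest")
    ip = IPHDR.match(rest)
    entry["proto"] = ip.group("proto") if ip else None
    if ip:
        rest = ip.group("rest")  # skip past the verbose IP summary
    flow = FLOW.match(rest)
    if flow:
        entry.update(src=flow.group("src"), sport=int(flow.group("sport")),
                     dst=flow.group("dst"), dport=int(flow.group("dport")))
    return entry

if __name__ == "__main__":
    for sample in (PLAIN, VERBOSE):
        print(parse_pflog_line(sample))
```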
