I just re-installed the from the ISO and the files are indeed there .... sorry for the (MY) confusion everyone.
This did in fact cure the no-show-raw logs ... but the formatted logs are still awol ....

--
David L. Strout
Engineering Systems Plus, LLC

----- Original Message -----
Subject: Re: Re: [pfSense Support] firewall logs .... no show
From: [EMAIL PROTECTED]
To: [email protected]
Date: 02-05-2006 1:53 pm

> [EMAIL PROTECTED]:~# find / -name filter.inc
> [EMAIL PROTECTED]:~#
>
> [EMAIL PROTECTED]:~# ls -al /etc/inc
> /usr/bin/ls: /etc/inc: No such file or directory
>
> --
> David L. Strout
> Engineering Systems Plus, LLC
>
> ----- Original Message -----
> Subject: Re: [pfSense Support] firewall logs .... no show
> From: [EMAIL PROTECTED]
> To: [email protected]
> Date: 02-05-2006 1:48 pm
>
> > Looks like you may have solved this issue. -v seems to be forcing
> > the protocol and then the regex can do its magic.
> >
> > Nice work.
> >
> > On 2/5/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > Edit /etc/inc/filter.inc
> > >
> > > filter_pflog_start()
> > >
> > > On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> > > >
> > > > The command: /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
> > > > Gives logs like this:
> > > >
> > > > 000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024
> > > >
> > > > You'll notice ... NO PROTOCOL INFO !!!
> > > >
> > > > But, a command like this: /usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0
> > > > Give logs like this:
> > > >
> > > > 000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > 24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072
> > > >
> > > > AND You'll notice ... HELLO, THE PROTOCOL INFO is there ready to be egrep'd out
> > > >
> > > > So my question is this, how do I modify the startup of this tcpdump procedure to add the [-v] to see if this actually helps in producing logs in the pfS app?
> > > >
> > > > --
> > > > David L. Strout
> > > > Engineering Systems Plus, LLC!

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
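
The difference between the two tcpdump invocations quoted in the thread, as an added example that is not part of the original messages and not pfSense's own log parser: a small Python parser run over the two quoted pflog0 lines, showing that the protocol field can only be recovered from the `-v` form. The function name `parse_pflog_line` and the regular expressions are assumptions made for this illustration.

```python
import re

# Sample input: the two tcpdump lines quoted in the thread above.
PLAIN = ("000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > "
         "24.39.185.78.1408: S 1674449733:1674449733(0) win 1024")
VERBOSE = ("000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, "
           "id 11077, offset 0, flags [none], proto: TCP (6), length: 40) "
           "24.39.185.75.34774 > 24.39.185.78.80: S, cksum 0xaaa2 (correct), "
           "1576235070:1576235070(0) win 3072")

# Header common to both forms: delta time, rule, action, direction, interface.
HEADER = re.compile(
    r"^(?P<delta>\d+) rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): (?P<rest>.*)$")
# Only printed with -v: the IP header dump carrying "proto: NAME (number)".
PROTO = re.compile(r"proto:? (?P<name>[\w-]+) \((?P<num>\d+)\)")
# IPv4 endpoints printed as a.b.c.d.port > a.b.c.d.port:
ENDPOINTS = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):")


def parse_pflog_line(line):
    """Return a dict for one pflog0 tcpdump line, or None if it does not parse."""
    head = HEADER.match(line.strip())
    if head is None:
        return None
    rest = head.group("rest")
    ends = ENDPOINTS.search(rest)
    if ends is None:
        return None
    proto = PROTO.search(rest)
    return {
        "rule": int(head.group("rule")),
        "action": head.group("action"),
        "direction": head.group("dir"),
        "interface": head.group("iface"),
        # Without -v there is no proto field; report None rather than guess.
        "proto": proto.group("name") if proto else None,
        "src": ends.group("src"), "sport": int(ends.group("sport")),
        "dst": ends.group("dst"), "dport": int(ends.group("dport")),
    }


if __name__ == "__main__":
    for sample in (PLAIN, VERBOSE):
        print(parse_pflog_line(sample))
```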
