I figured that was the case with the MD5s ... that makes perfect sense. I seem to have had some residual ext3 fs garbage on the old install ... funny how the system even booted at all ... can't explain that one. I have repartitioned and reformatted and reinstalled the ISO and everything seems in the right place now .... sorry for the mis-report.

I did just post a reply and finding on the logging though. The formatted logs are still AWOL, but the RAW logs now show up. Still diggin'

--
David L. Strout
Engineering Systems Plus, LLC

----- Original Message -----
Subject: Re: Re: Re: [pfSense Support] firewall logs .... no show
From: [EMAIL PROTECTED]
To: [email protected]
Date: 02-05-2006 2:33 pm

> David,
>
> If /etc/inc/filter.inc didn't exist then NOTHING would work, I promise you.
>
> I have no idea what you have going on over there but all I can say is
> that /etc/inc/filter.inc does exist, look at CVSWEB and you will see
> that this is where the file lives.
>
> http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/
>
> I generally post MD5's on the official beta builds, not on the snapshot builds.
>
> On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> > I beg your pardon ... I installed it from the pfsense.iso from
> > http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-2-06/
> >
> > # uname -a
> > FreeBSD espfwvpn2.espmaine.net 6.0-STABLE FreeBSD 6.0-STABLE #0: Fri Feb 3 21:11:08 UTC 2006 [EMAIL PROTECTED]:/usr/obj.pfSense/usr/src/sys/pfSense.6 i386
> >
> > Think someone should look at the ISO's ... might be nice to post md5s
> > also and maybe check them against the ones you have running
> > "successfully" prior to posting them.
> >
> > --
> > David L. Strout
> > Engineering Systems Plus, LLC
> >
> > ----- Original Message -----
> > Subject: Re: Re: [pfSense Support] firewall logs .... no show
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> > Date: 02-05-2006 1:53 pm
> >
> > > Uhh, then you're not on a pfSense box?
> > >
> > > On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> > > > [EMAIL PROTECTED]:~# find / -name filter.inc
> > > > [EMAIL PROTECTED]:~#
> > > >
> > > > [EMAIL PROTECTED]:~# ls -al /etc/inc
> > > > /usr/bin/ls: /etc/inc: No such file or directory
> > > >
> > > > --
> > > > David L. Strout
> > > > Engineering Systems Plus, LLC
> > > >
> > > > ----- Original Message -----
> > > > Subject: Re: [pfSense Support] firewall logs .... no show
> > > > From: [EMAIL PROTECTED]
> > > > To: [email protected]
> > > > Date: 02-05-2006 1:48 pm
> > > >
> > > > > Looks like you may have solved this issue. -v seems to be forcing
> > > > > the protocol and then the regex can do its magic.
> > > > >
> > > > > Nice work.
> > > > >
> > > > > On 2/5/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > > > > Edit /etc/inc/filter.inc
> > > > > >
> > > > > > filter_pflog_start()
> > > > > >
> > > > > > On 2/5/06, David Strout <[EMAIL PROTECTED]> wrote:
> > > > > > > The command: /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
> > > > > > > Gives logs like this:
> > > > > > >
> > > > > > > 000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024
> > > > > > >
> > > > > > > You'll notice ... NO PROTOCOL INFO !!!
> > > > > > >
> > > > > > > But, a command like this: /usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0
> > > > > > > Gives logs like this:
> > > > > > >
> > > > > > > 000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > 24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072
> > > > > > >
> > > > > > > AND You'll notice ... HELLO, THE PROTOCOL INFO is there ready
> > > > > > > to be egrep'd out
> > > > > > >
> > > > > > > So my question is this, how do I modify the startup of this
> > > > > > > tcpdump procedure to add the [-v] to see if this actually
> > > > > > > helps in producing logs in the pfS app?
> > > > > > >
> > > > > > > --
> > > > > > > David L. Strout
> > > > > > > Engineering Systems Plus, LLC

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
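
The difference between the two tcpdump invocations quoted in this thread, as an added example that is not part of the original messages and is not pfSense's own parsing code: a small parser run over the two sample records, showing that the protocol field is only recoverable from the `-v` form. The function names and the "unknown"/"unparsed" buckets are assumptions made for illustration, and only IPv4 addresses are handled.

```python
import re
from collections import Counter

# Constructed from the two sample records quoted in the thread (mail line wraps rejoined).
PLAIN = ("000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > "
         "24.39.185.78.1408: S 1674449733:1674449733(0) win 1024")
VERBOSE = ("000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, "
           "offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > "
           "24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072")

# pflog header printed because of -e: rule number, reason, action, direction, interface.
HEAD = re.compile(r"^(?P<ts>\S+) rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): "
                  r"(?P<action>\w+) (?P<direction>in|out) on (?P<iface>\w+): ")
# IP header summary that only appears with -v.
PROTO = re.compile(r"proto:? (?P<name>[\w-]+) \((?P<num>\d+)\)")
# "src.port > dst.port:" (the port is optional, e.g. for ICMP).
FLOW = re.compile(r"(?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
                  r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?:")


def parse_pflog_line(line):
    """Return a dict for one record, or None if the pflog header is absent."""
    head = HEAD.match(line)
    if head is None:
        return None
    rest = line[head.end():]
    record = head.groupdict()
    proto = PROTO.search(rest)
    # Without -v there is no "proto:" token, so the field stays None
    # instead of being guessed from the port numbers.
    record["proto"] = proto.group("name") if proto else None
    flow = FLOW.search(rest)
    if flow:
        record.update(flow.groupdict())
    return record


def count_by_proto(lines):
    """Tally records per protocol, keeping protocol-less and unparsable lines visible."""
    tally = Counter()
    for line in lines:
        record = parse_pflog_line(line)
        if record is None:
            tally["unparsed"] += 1
        else:
            tally[record["proto"] or "unknown"] += 1
    return tally
```

Counting protocol-less and unparsable lines in their own buckets keeps a format change in the capture command visible in the totals, rather than producing an empty formatted log.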
