NOPE !!! Last suggestion DID NOT produce the desired results. It did show some ports but everything shows up as proto ESP and I think the ports (src & dst) were reversed.
Looks like logging (port displaying) is broken. I will try to help figure it out and lend a hand where I can in this effort. > Looks like there is a possibility to start the > tcpdump sequence that feeds syslog with a -s 128 > parameter, but not sure if it is producing the > desired results. > > > > Check in /etc/inc/filter.inc IIRC. > > > > Scott > > > > > > On 6/18/07, David Strout <[EMAIL PROTECTED]> > wrote: > > > I find that if you issue the snarf (snaplen) > > > switch to the tcpdump command it reports the > > > correct ports. Where is the > "/usr/sbin/tcpdump -l > > > -n -e -ttt -i pflog0" issued from .. rc script > > > ???? > > > > > > > I also noticed that in the show raw logs > mode > > > the > > > > ports do not show. > > > > > > > > -- > > > > David L. Strout > > > > Engineering Systems Plus, LLC > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > > > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
