eureka ....

After logging all traffic out to console and
monitoring this during reboot/boot I came to a
stunning conclusion (or might I say the OS gave me
the answer).

Upon every reboot I would see the following in
dmesg:
Jul 01 08:39:55 192.168.1.1 Jul  1 08:42:00 pf: tcpdump: WARNING: pflog0: no IPv4 address assigned
Jul 01 08:39:55 192.168.1.1 Jul  1 08:42:00 pf: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

So ... I simply added the -vv switch to the two
lines in /etc/inc/filter.inc (lines 58 & 60) as
follows:
58         $pid = `ps awwwux | grep -v "grep" | grep "tcpdump -vv -l -n -e -ttt -i pflog0"  | awk '{ print $2 }'`;
60                 mwexec_bg("/usr/sbin/tcpdump -vv -l -n -e -ttt -i pflog0 | logger -t pf -p local0.info");

AND VOILÀ .. logs are showing ports correctly.
--
David L. Strout
Engineering Systems Plus, LLC



