pf logs - no packet header data (4.8)

pf logs - no packet header data (4.8)

julf
Hi!

Setting up a firewall with 4.8, I was rather surprised
to see that I don't get any logged info from the blocked
packets (beyond the fact that they were blocked).

I assume I am missing some silly little thing...

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Nov 14 18:24:28.487932 rule 5/(match) block in on xl0: [|ip]
Nov 14 18:24:39.836219 rule 5/(match) block in on xl0: [|ip]
Nov 14 18:24:41.776013 rule 5/(match) block in on xl0: [|ip]
Nov 14 18:24:50.566842 rule 5/(match) block in on xl0: [|ip]

Cheers,

        Julf


Re: pf logs - no packet header data (4.8)

Otto Moerbeek
On Sun, Nov 14, 2010 at 06:27:38PM +0100, Johan Helsingius wrote:

> Hi!
>
> Setting up a firewall with 4.8, I was rather surprised
> to see that I don't get any logged info from the blocked
> packets (beyond the fact that they were blocked).
>
> I assume I am missing some silly little thing...
>
> # tcpdump -n -e -ttt -i pflog0
> tcpdump: listening on pflog0, link-type PFLOG
> Nov 14 18:24:28.487932 rule 5/(match) block in on xl0: [|ip]
> Nov 14 18:24:39.836219 rule 5/(match) block in on xl0: [|ip]
> Nov 14 18:24:41.776013 rule 5/(match) block in on xl0: [|ip]
> Nov 14 18:24:50.566842 rule 5/(match) block in on xl0: [|ip]
>
> Cheers,
>
> Julf

Increase your snaplen using -s

        -Otto
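
Why a short snaplen produces `[|ip]`, as an added example that is not part of the original thread: the capture keeps only the first snaplen bytes of each frame, so if the link-layer header uses them up, no IP header is left to decode. The 100-byte link header, the addresses and ports, and the snaplen values tried are constructed for illustration; check the real pflog header size and tcpdump's default snaplen on your release.

```python
import struct

IPV4_MIN_HDR = 20    # bytes in an IPv4 header without options
LINK_HDR_LEN = 100   # ASSUMED link-layer (pflog) header size, for illustration only

def build_frame(link_hdr_len=LINK_HDR_LEN):
    """Constructed frame: zeroed link header + IPv4 header + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HH", 40000, 22) + bytes(16)
    return bytes(link_hdr_len) + ip + tcp

def capture(frame, snaplen):
    """A capture keeps at most snaplen bytes of each frame."""
    return frame[:snaplen]

def decode(captured, link_hdr_len=LINK_HDR_LEN):
    """Decode as far as the captured bytes allow, marking truncation like tcpdump."""
    payload = captured[link_hdr_len:]
    if len(payload) < IPV4_MIN_HDR:
        return "[|ip]"                       # IP header itself was cut off
    ihl = (payload[0] & 0x0F) * 4            # IP header length in bytes
    src = ".".join(map(str, payload[12:16]))
    dst = ".".join(map(str, payload[16:20]))
    l4 = payload[ihl:]
    if len(l4) < 4:
        return f"{src} > {dst}: [|tcp]"      # addresses known, ports cut off
    sport, dport = struct.unpack("!HH", l4[:4])
    return f"{src}.{sport} > {dst}.{dport}"

def min_snaplen(link_hdr_len=LINK_HDR_LEN, ip_hdr_len=IPV4_MIN_HDR, l4_bytes=4):
    """Smallest snaplen that still shows addresses and ports."""
    return link_hdr_len + ip_hdr_len + l4_bytes

if __name__ == "__main__":
    frame = build_frame()
    for snaplen in (96, 120, min_snaplen(), 160):
        print(f"-s {snaplen:<4}", decode(capture(frame, snaplen)))
```
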