| Author |
Message |
Marco S Hyman
*nix forums beginner
Joined: 04 Mar 2005
Posts: 36
|
 Posted: Wed Mar 16, 2005 1:17 am Post subject:
Re: pflogd logs nothing
|
|
|
Gabriele Zucchetta <zucchi@xxx.it> writes:
| Quote: | but the documentation (pf faq) don't speek about this
....
It's a scarsity in the documentation. For me the loggin is
|
The FAQ is *not* the documentation. The man page is.
Read pf.conf(5).
// marc |
|
| Back to top |
|
 |
Marco S Hyman
*nix forums beginner
Joined: 04 Mar 2005
Posts: 36
|
| Posted: Tue Mar 15, 2005 11:17 pm Post subject:
Re: pflogd logs nothing
|
|
|
Gabriele Zucchetta <zucchi@xxx.it> writes:
| Quote: | set loginterface $ext_if
|
From the pf.conf(5):
set loginterface
Enable collection of packet and byte count statistics for the given
interface. These statistics can be viewed using
# pfctl -s info
It has nothing to do with the log file.
| Quote: | Do you have any rules in pf.conf cosisting:
pass log ......
or
block log.....
I'm sorry, I have not the log rules in my pf.conf
but the documentation (pf faq) don't speek about this
features.
|
from pf.conf(5):
log In addition to the action specified, a log message is generated.
All packets for that connection are logged, unless the keep state,
modulate state or synproxy state options are specified, in which
case only the packet that establishes the state is logged. (See
keep state, modulate state and synproxy state below). The logged
packets are sent to the pflog(4) interface. This interface is mon-
itored by the pflogd( logging daemon, which dumps the logged
packets to the file /var/log/pflog in pcap(3) binary format.
and in the pf.conf(5) examples:
# block and log everything by default
block return log on $ext_if all
// marc |
|
| Back to top |
|
|
lost
*nix forums beginner
Joined: 12 Mar 2005
Posts: 15
|
| Posted: Tue Mar 15, 2005 10:50 pm Post subject:
Re: pflogd logs nothing
|
|
|
| Quote: | It's a scarsity in the documentation. For me the loggin is
a priority and it is a first step towards security, then is
important upgrade this part of pf documentation.
Better choose your friends. |
man pf.conf is your first friend.
===
log In addition to the action specified, a log message is generated.
All packets for that connection are logged, unless the keep
state,
modulate state or synproxy state options are specified, in which
case only the packet that establishes the state is logged. (See
keep state, modulate state and synproxy state below). The logged
packets are sent to the pflog(4) interface. This interface is
mon-
itored by the pflogd( logging daemon, which dumps the logged
packets to the file /var/log/pflog in pcap(3) binary format.
===
-- |
|
| Back to top |
|
|
Gabriele Zucchetta
*nix forums beginner
Joined: 15 Mar 2005
Posts: 3
|
| Posted: Tue Mar 15, 2005 10:05 pm Post subject:
Re: pflogd logs nothing
|
|
|
On Tue, 15 Mar 2005 11:50:18 -0600, John McGrail wrote:
..
| Quote: | I'm sorry, I have not the log rules in my pf.conf
but the documentation (pf faq) don't speek about this
features.
yes it does.
It's a scarsity in the documentation. For me the loggin is |
a priority and it is a first step towards security, then is
important upgrade this part of pf documentation.
zucchi |
|
| Back to top |
|
|
John McGrail
*nix forums beginner
Joined: 23 Feb 2005
Posts: 22
|
| Posted: Tue Mar 15, 2005 4:50 pm Post subject:
Re: pflogd logs nothing
|
|
|
| Quote: | Do you have any rules in pf.conf cosisting:
pass log ......
or
block log.....
I'm sorry, I have not the log rules in my pf.conf
but the documentation (pf faq) don't speek about this
features.
|
yes it does.
--
ratfood@food.skaterat.net
All foods should be removed to reply |
|
| Back to top |
|
|
Gabriele Zucchetta
*nix forums beginner
Joined: 15 Mar 2005
Posts: 3
|
| Posted: Tue Mar 15, 2005 4:41 pm Post subject:
Re: pflogd logs nothing
|
|
|
On Tue, 15 Mar 2005 18:15:53 +0100, lost wrote:
| Quote: | # options
set block-policy return
set loginterface $ext_if
Do you have any rules in pf.conf cosisting:
pass log ......
or
block log.....
I'm sorry, I have not the log rules in my pf.conf |
but the documentation (pf faq) don't speek about this
features.
zucchi |
|
| Back to top |
|
|
lost
*nix forums beginner
Joined: 12 Mar 2005
Posts: 15
|
| Posted: Tue Mar 15, 2005 4:15 pm Post subject:
Re: pflogd logs nothing
|
|
|
| Quote: | # options
set block-policy return
set loginterface $ext_if
Do you have any rules in pf.conf cosisting: |
pass log ......
or
block log.....
?
man pf.conf
-- |
|
| Back to top |
|
|
Gabriele Zucchetta
*nix forums beginner
Joined: 15 Mar 2005
Posts: 3
|
| Posted: Tue Mar 15, 2005 3:53 pm Post subject:
pflogd logs nothing
|
|
|
It's strange, my server nat works fine, but if I try to
view log file (/var/log/pflog) whit tcpdump I obtain
a empty string. The command is (user root):
tcpdump -n -e -ttt -r /var/log/pflog
The pflogd is up (/var/run/pflogd.pid have a
number) but the pflog file is not update:
rw------- 1 root wheel 24 Feb 11 16:15 /var/log/pflog
^^^^^^^^^^^^
Today is: Tue Mar 15 17:49:48 CET 2005
Why this problem, why nothing is loged?
My OpenBSD is 3.6 and in pf.conf I have:
# options
set block-policy return
set loginterface $ext_if
tanks
zucchi |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
BSD
»
OpenBSD
