Re: [logs] pf log

From: Matt Bing (mbingat_private)
Date: Wed Dec 26 2001 - 10:34:44 PST

Next message: Jose Nazario: "Re: [logs] pf log"

Previous message: Ganu Skop: "[logs] pf log"
In reply to: Ganu Skop: "[logs] pf log"
Next in thread: Ganu Skop: "Re: [logs] pf log"
Next in thread: Jose Nazario: "Re: [logs] pf log"
Reply: Ganu Skop: "Re: [logs] pf log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ganu Skop said:
> anyone has done a write up on datagram of packet
> filter (openbsd 3.0 firewall log ) datagram? this is
> what field is available ?

Not exactly sure what you mean. When a packet matches a 'log' line
in pf.conf, the packet is sent to a virtual interface, pflog0. 
The default logging mechanism in OpenBSD 3.0 is to run pflogd(8) on
pflog0 and write those packets to /var/log/pflog. If you require more
information, you run 'tcpdump -r /var/log/pflog' and look at the
contents of every packet. You can even write your own pflogd to
parse packets using libpcap, there's no real magic. It's really quite
flexible.

-- 
Matt Bing
NFR Security
Rapid Response Team

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Jose Nazario: "Re: [logs] pf log"
Previous message: Ganu Skop: "[logs] pf log"
In reply to: Ganu Skop: "[logs] pf log"
Next in thread: Ganu Skop: "Re: [logs] pf log"
Next in thread: Jose Nazario: "Re: [logs] pf log"
Reply: Ganu Skop: "Re: [logs] pf log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 26 2001 - 12:38:12 PST