sorry for mis-info

here it is

i'm looking for a datagram explanation - like for each field what does it mean
like source address
destination address
traffic flow
interface

so that it comes in handy for those that would need to read a log

thanks
-skop

--- Matt Bing <mbingat_private> wrote:
> Ganu Skop said:
> > anyone has done a write up on datagram of packet
> > filter (openbsd 3.0 firewall log ) datagram? this is
> > what field is available ?
>
> Not exactly sure what you mean. When a packet matches a 'log' line
> in pf.conf, the packet is sent to a virtual interface, pflog0.
> The default logging mechanism in OpenBSD 3.0 is to run pflogd(8) on
> pflog0 and write those packets to /var/log/pflog. If you require more
> information, you run 'tcpdump -r /var/log/pflog' and look at the
> contents of every packet. You can even write your own pflogd to
> parse packets using libpcap, there's no real magic. It's really quite
> flexible.
>
> --
> Matt Bing
> NFR Security
> Rapid Response Team
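Added example, not part of the original thread and not OpenBSD's own code: a field-by-field decoder for one logged record, covering the interface, rule, action, direction, and source and destination address asked about above. The 28-byte header layout, the names pflog_parse and struct pflog_rec, and the sample bytes are assumptions made for illustration; check the layout against if_pflog.h on the system that wrote the log.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED layout (not given in the thread): OpenBSD 3.0-era pflog header,
 * 28 bytes, integers big-endian: af(4) ifname(16) rnr(2) reason(2)
 * action(2) dir(2), followed by the logged IP packet. */
#define PFLOG_HDRLEN 28
#define PFLOG_IFNAMSIZ 16

struct pflog_rec {
    uint32_t af;                       /* address family, 2 = AF_INET */
    char ifname[PFLOG_IFNAMSIZ + 1];   /* interface the packet was seen on */
    uint16_t rnr, reason, action, dir; /* rule number and pf's numeric codes */
    uint8_t proto;                     /* IP protocol, 6 = TCP, 17 = UDP */
    char src[16], dst[16];             /* source / destination address */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static void quad(char *out, const uint8_t *a) {
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)a[0], (unsigned)a[1],
             (unsigned)a[2], (unsigned)a[3]);
}

/* Returns 0 on success, -1 if the record is truncated or not IPv4. */
int pflog_parse(const uint8_t *buf, size_t len, struct pflog_rec *r) {
    const uint8_t *ip = buf + PFLOG_HDRLEN;
    if (len < PFLOG_HDRLEN + 20) return -1;   /* need a full IPv4 header */
    r->af = ((uint32_t)be16(buf) << 16) | be16(buf + 2);
    memcpy(r->ifname, buf + 4, PFLOG_IFNAMSIZ);
    r->ifname[PFLOG_IFNAMSIZ] = '\0';
    r->rnr = be16(buf + 20);    r->reason = be16(buf + 22);
    r->action = be16(buf + 24); r->dir = be16(buf + 26);
    if (r->af != 2 || (ip[0] >> 4) != 4) return -1;
    r->proto = ip[9];
    quad(r->src, ip + 12);
    quad(r->dst, ip + 16);
    return 0;
}

/* Constructed sample: xl0, rule 3, action 1, TCP 192.0.2.10 -> 198.51.100.7 */
static const uint8_t SAMPLE[48] = {
    0,0,0,2,                                   /* af */
    'x','l','0',0,0,0,0,0,0,0,0,0,0,0,0,0,     /* ifname, NUL padded */
    0,3, 0,0, 0,1, 0,0,                        /* rnr, reason, action, dir */
    0x45,0,0,0x28, 0,0,0x40,0, 0x40,6,0,0, 192,0,2,10, 198,51,100,7 };
```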
This archive was generated by hypermail 2b30 : Fri Dec 28 2001 - 10:20:53 PST