Date:      Tue, 4 Apr 2006 16:22:53 +0300
From:      husnu demir <hdemir@metu.edu.tr>
To:        Bill Marquette <bill.marquette@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Log tag
Message-ID:  <20060404132253.GA3293270@metu.edu.tr>
In-Reply-To: <55e8a96c0604040610s6be12570m77293780b0c0e7c5@mail.gmail.com>
References:  <1144132192.47587.8.camel@siseci.gdg.gov.tr> <55e8a96c0604040501y719b4241ue9d989263797c8dc@mail.gmail.com> <55e8a96c0604040610s6be12570m77293780b0c0e7c5@mail.gmail.com>


On Tue, Apr 04, 2006 at 08:10:30AM -0500, Bill Marquette wrote:
> On 4/4/06, Bill Marquette <bill.marquette@gmail.com> wrote:
> > On 4/4/06, N. Ersen SISECI <siseci@gmail.com> wrote:
> > >
> > >
> > > Hi,
> > >
> > > Is it possible to label the log entries?
> > > We can do it in IPF with set-tag (log=48).
> > > Is there a similar method in PF?
> > >
> > >
> > > IPF Rule:
> > > pass in log first quick on bge0 proto tcp from any to 10.1.2.3 port = 22
> > > flags S/SA keep state keep frags set-tag (log=110)
> > >
> > > IPF Log entry:
> > > 04/04/2006 09:26:00.982095 bge0 @0:3 p 10.1.2.3,57221 ->
> > > 192.168.90.12,22 PR tcp len 20 64 -S K-S K-F OUT log-tag 110
> >
> > The "label" keyword is what you want (and gives you a plain text
> > description instead of number?!?!?! ouch).
> >
> > pass in log from foo to bar label "foo to bar rule"
> 
> It's early...this was incorrect advice.  The labels only show in pfctl
> -sr, not in /dev/pflog0.  I'm not sure if there's a way to make this
> show up in  /dev/pflog0.


"tcpdump -ttt -e -i pflog0 -n" does show the rule number, so this may be used as a label :) At least I use that info extensively.


> 
> --Bill


Husnu Demir.
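
The thread's two observations combine into a labelled log: labels appear only in the pfctl rule listing, while pflog carries the rule number. The sketch below is an added example, not part of the original messages; the function names and the sample lines are constructed, and it assumes the `@N` rule prefix printed by `pfctl -vvsr` and the `rule N/R(reason):` field printed by `tcpdump -e` on pflog0.

```shell
#!/bin/sh
# Added example: append the matching rule's label to each pflog line.
# Assumed live use:
#   pfctl -vvsr > rules.txt
#   tcpdump -ttt -e -n -l -i pflog0 | pf_label_log rules.txt
# Rule numbers are reassigned on every ruleset reload, so rules.txt must be a
# snapshot of the ruleset that was loaded when the packets were logged.

pf_label_log() {
    # $1: saved `pfctl -vvsr` output; stdin: tcpdump -e lines read from pflog0
    awk -v rules="$1" '
    BEGIN {
        # Rule lines look like:  @3 pass in log ... label "ssh-in"
        while ((getline line < rules) > 0) {
            if (line !~ /^@[0-9]+ /) continue      # skip counter lines
            split(line, f, " ")
            num = substr(f[1], 2)
            label[num] = "-"                       # rule known, no label set
            if (match(line, /label "[^"]*"/))
                label[num] = substr(line, RSTART + 7, RLENGTH - 8)
        }
    }
    {
        # "?" marks lines with no main-ruleset rule number (for example rules
        # inside anchors) or a number missing from the snapshot.
        tag = "?"
        if (match($0, /rule [0-9]+\//)) {
            num = substr($0, RSTART + 5, RLENGTH - 6)
            if (num in label) tag = label[num]
        }
        print $0 " [label=" tag "]"
    }'
}

pf_label_demo() {   # constructed sample data, not real captures
    rules=$(mktemp) || return 1
    cat > "$rules" <<'EOF'
@0 pass in log quick on bge0 proto tcp from any to 10.1.2.3 port = ssh flags S/SA keep state label "ssh-in"
  [ Evaluations: 12  Packets: 4  Bytes: 240  States: 1 ]
@1 block drop in log all
EOF
    pf_label_log "$rules" <<'EOF'
000000 rule 0/0(match): pass in on bge0: 192.168.90.12.57221 > 10.1.2.3.22: S
002113 rule 1/0(match): block in on bge0: 192.168.90.40.4431 > 10.1.2.9.23: S
EOF
    rm -f "$rules"
}
```

Calling `pf_label_demo` prints the two sample log lines with `[label=ssh-in]` and `[label=-]` appended.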



