From owner-freebsd-ipfw Sun Jan 6 17:38:53 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from tom.dyn.dhs.org (c2020b86.adsl.oleane.fr [194.2.11.134]) by hub.freebsd.org (Postfix) with ESMTP id 86AC937B419 for ; Sun, 6 Jan 2002 17:38:50 -0800 (PST) Received: from dial.oleane.com (tom.priv [192.168.27.2]) by tom.dyn.dhs.org (8.12.1/8.12.1) with ESMTP id g071cmXl004089 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for ; Mon, 7 Jan 2002 02:38:48 +0100 (CET) Message-ID: <3C38FC27.CC1E8AC9@dial.oleane.com> Date: Mon, 07 Jan 2002 02:38:47 +0100 From: =?iso-8859-1?Q?Ga=EBl?= Roualland X-Mailer: Mozilla 4.79 [fr] (X11; U; Linux 2.4.15 i686) X-Accept-Language: fr, en MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Subject: Reporting last packet that will get logged Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, ipfw has a nice feature of logging limit to avoid flooding the logs; However, one needs to reset them regurlarly, and this outputs annoying logging messages while often the reset wouldn't have been needed... To solve this, a while back I did a simple patch to the 4.2 ipfw(8) command to be able to report the number of the last packet that will be logged on a rule which has logging enabled, before the logging limit is reached. This allows to resetlogs only when one rule has reached (or is close to reach) its limit. Maybe this could be a feature to add to the stock ipfw command ? Gaël. -- Gaël Roualland -+- gael.roualland@dial.oleane.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun Jan 6 23:15:39 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120]) by hub.freebsd.org (Postfix) with ESMTP id 703D037B416 for ; Sun, 6 Jan 2002 23:15:22 -0800 (PST) Received: from user-33qtnie.dialup.mindspring.com ([199.174.222.78] helo=gohan.cjclark.org) by albatross.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16NU08-0002nQ-00; Sun, 06 Jan 2002 23:15:21 -0800 Received: (from cjc@localhost) by gohan.cjclark.org (8.11.6/8.11.1) id g0771IO03067; Sun, 6 Jan 2002 23:01:18 -0800 (PST) (envelope-from cjc) Date: Sun, 6 Jan 2002 23:01:18 -0800 From: "Crist J. Clark" To: =?iso-8859-1?Q?Ga=EBl_Roualland?= Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: Reporting last packet that will get logged Message-ID: <20020106230118.F2029@gohan.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <3C38FC27.CC1E8AC9@dial.oleane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <3C38FC27.CC1E8AC9@dial.oleane.com>; from gael.roualland@dial.oleane.com on Mon, Jan 07, 2002 at 02:38:47AM +0100 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Jan 07, 2002 at 02:38:47AM +0100, Gaël Roualland wrote: > Hello, > > ipfw has a nice feature of logging limit to avoid flooding the logs; > However, one needs to reset them regurlarly, and this outputs annoying > logging messages while often the reset wouldn't have been needed... > > To solve this, a while back I did a simple patch to the 4.2 ipfw(8) > command to be able to report the number of the last packet that will be > logged on a rule which has logging enabled, before the logging limit is > reached. This allows to resetlogs only when one rule has reached (or is > close to reach) its limit. > > Maybe this could be a feature to add to the stock ipfw command ? First of all, I really don't see what is so annoying about a single log entry. A script doing some sort of analysis can easily ignore them and a obviously a human reader can easily skip them over. Second, I think this is a rather awkward way to handle this. The "reset" messages are logged at the "notice" level while 'log' rules are logged at "info." This can be used to separate them. Finally, I'm not sure I'm clear on, "the number of the last packet that will be logged," means. I'm thinking adding a field to the 'show' or 'list' commands when a flag is given, say '-l' for "limit," that shows where the counter currently is would be more straightforward. So, # ipfw -l list 1000 01000 456 deny log logamount 1000 ip from any to any We've logged 456 packets since the last reset. We can quickly figure out there are 544 more to be logged before we hit the limit. -- "It's always funny until someone gets hurt. Then it's hilarious." Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun Jan 6 23:23:24 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from tom.dyn.dhs.org (c2020b86.adsl.oleane.fr [194.2.11.134]) by hub.freebsd.org (Postfix) with ESMTP id B0AA537B417 for ; Sun, 6 Jan 2002 23:23:20 -0800 (PST) Received: from dial.oleane.com (tom.priv [192.168.27.2]) by tom.dyn.dhs.org (8.12.1/8.12.1) with ESMTP id g077N9Xl005189 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Mon, 7 Jan 2002 08:23:16 +0100 (CET) Message-ID: <3C394CDC.4BD0AB6E@dial.oleane.com> Date: Mon, 07 Jan 2002 08:23:08 +0100 From: =?iso-8859-1?Q?Ga=EBl?= Roualland X-Mailer: Mozilla 4.79 [fr] (X11; U; Linux 2.4.15 i686) X-Accept-Language: fr, en MIME-Version: 1.0 To: cjclark@alum.mit.edu Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: Reporting last packet that will get logged References: <3C38FC27.CC1E8AC9@dial.oleane.com> <20020106230118.F2029@gohan.cjclark.org> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "Crist J. Clark" a écrit : > > On Mon, Jan 07, 2002 at 02:38:47AM +0100, Gaël Roualland wrote: > > Hello, > > > > ipfw has a nice feature of logging limit to avoid flooding the logs; > > However, one needs to reset them regurlarly, and this outputs annoying > > logging messages while often the reset wouldn't have been needed... > > > > To solve this, a while back I did a simple patch to the 4.2 ipfw(8) > > command to be able to report the number of the last packet that will be > > logged on a rule which has logging enabled, before the logging limit is > > reached. This allows to resetlogs only when one rule has reached (or is > > close to reach) its limit. > > > > Maybe this could be a feature to add to the stock ipfw command ? > > First of all, I really don't see what is so annoying about a single > log entry. A script doing some sort of analysis can easily ignore them > and a obviously a human reader can easily skip them over. > > Second, I think this is a rather awkward way to handle this. The > "reset" messages are logged at the "notice" level while 'log' rules > are logged at "info." This can be used to separate them. Sure, this is something that can be easily handled with other ways, I just find it nicer/usefull to be able to do it another way, and it doesn't need a lot to be reported since the information is present in the data structure. > Finally, I'm not sure I'm clear on, "the number of the last packet > that will be logged," means. This is actually what the kernel structures uses (at least on 4.2), but it is quite easy to convert to something more user friendly, I agree :) > I'm thinking adding a field to the 'show' > or 'list' commands when a flag is given, say '-l' for "limit," that > shows where the counter currently is would be more > straightforward. So, > > # ipfw -l list 1000 > 01000 456 deny log logamount 1000 ip from any to any > > We've logged 456 packets since the last reset. We can quickly figure > out there are 544 more to be logged before we hit the limit. That would be perfectly fine, Gaël. -- Gaël Roualland -+- gael.roualland@dial.oleane.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri Jan 11 0:44:27 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from priv-edtnes12-hme0.telusplanet.net (fepout4.telus.net [199.185.220.239]) by hub.freebsd.org (Postfix) with ESMTP id B7B1F37B402 for ; Fri, 11 Jan 2002 00:44:24 -0800 (PST) Received: from yourdomain.net ([207.194.26.60]) by priv-edtnes12-hme0.telusplanet.net (InterMail vM.5.01.04.01 201-253-122-122-101-20011014) with SMTP id <20020111084403.WJOQ28767.priv-edtnes12-hme0.telusplanet.net@yourdomain.net>; Fri, 11 Jan 2002 01:44:03 -0700 From: Simon K To: Homebuyer/Homeseller <> Subject: Jim suggested we contact you Re: Buying and Selling Your Home Date: Fri, 11 Jan 2002 00:41:43 -0800 X-Sender: Simon K X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 X-MSMail-Priority: Normal Message-Id: <20020111084403.WJOQ28767.priv-edtnes12-hme0.telusplanet.net@yourdomain.net> Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG We heard that you may be interested in moving shortly so we thought we'de introduce our free service to you that pays you when you sell and/or buy a home. Our company RRN Realty Referral Network Inc. refers clients to top Realtors(r) in most areas of North America and pays the client a substantial cash reward when they complete a sale and/or purchase of Real Estate using the referred Realtor(r). Each payment averages over $1000 and the client is paid this twice if they are both selling and then buying Real Estate.There is also a bonus draw for $10,000 with a 1/100 chance of winning (1/50 if you're selling and buying). Please visit our website www.rebate20.com for details and to signup. There is no obligation to use the services of the referred Realtor(r) unless a contract is entered into with that Realtor(r) so there is nothing to lose and $thousands to gain. This is "Free Money" to homebuyers and a substantial rebate on Realtor(r) commissions for homesellers! We look forward to hearing from you soon. .All the Best. RRN. If you do not wish to receive further followup emails please reply using the following link mailto:sales@rebate20.com?subject=unsubscribe or if this link doesn't work with your system simply send an email to sales@rebate20.com and put "unsubscribe" in the subject field. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message