Date: Wed, 2 Feb 2005 09:21:04 -0700 (MST)
From: "Tim Hogan" <tim@hoganzoo.com>
To: freebsd-questions@freebsd.org
Subject: Trouble reading the nightly "security run output" report
Message-ID: <30432.192.18.101.5.1107361264.squirrel@www.hoganzoo.com>

OK, so every night the default install of FreeBSD generates a "security run output" report for IPF denied packets. Here is a sample report:

> 221143 @2 block out log quick on dc0 from any to any head 15
> 92733 @2 block in log quick on dc0 from any to any head 10
> 20 @8 block in log quick on dc0 from 10.0.0.0/8 to any group 10

That's it. I am looking at this and trying to figure out if it is useful and just what are those numbers for? I have IPF creating a log entry for all of the dropped packets, but when I look at the logs I can't match those numbers at all. In fact, if I do a 'wc -l' on the log file I get a count of 10,780 lines. If I take into account the log entries that have a consecutive count logged I come up with 11,422. Not even close to the numbers listed above.

So just what does this report mean and is there a better tool to run that would give me a nightly report of total drops and perhaps the top ten offenders and why?

Thanks
Tim
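
An added example, not part of the original post: one way to get the total drops and top offenders the message asks about from the ipmon log itself, counting each line's "Nx" repeat prefix as N packets. The log layout is an assumption modeled on ipmon's syslog output, and the sample lines and the `summarize` function are constructed for illustration.

```python
import re
from collections import Counter

# Assumed ipmon syslog layout (an assumption, not taken from the post):
#   ... ipmon[pid]: HH:MM:SS.usec [Nx] if @group:rule action src[,port] -> dst[,port] PR proto ...
LINE_RE = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+"             # ipmon tag and packet timestamp
    r"(?:(?P<rep>\d+)x\s+)?"              # optional repeat count, e.g. "3x"
    r"(?P<ifname>\S+)\s+"                 # interface, e.g. dc0
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"   # rule group and rule number
    r"(?P<action>\S+)\s+"                 # b = block, p = pass, ...
    r"(?P<src>[^\s,]+)(?:,\S+)?\s+->\s+"  # source address, port dropped
    r"(?P<dst>[^\s,]+)(?:,\S+)?\s+PR\s+(?P<proto>\S+)"
)

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
Feb  2 03:01:10 gw ipmon[214]: 03:01:09.551203 dc0 @10:8 b 10.1.2.3,4455 -> 192.0.2.10,80 PR tcp len 20 48 -S IN
Feb  2 03:01:12 gw ipmon[214]: 03:01:11.120771 3x dc0 @10:8 b 10.1.2.3,4456 -> 192.0.2.10,80 PR tcp len 20 48 -S IN
Feb  2 03:02:40 gw ipmon[214]: 03:02:39.900412 dc0 @10:2 b 198.51.100.7,137 -> 192.0.2.10,137 PR udp len 20 78 IN
Feb  2 03:05:02 gw ipmon[214]: 03:05:01.004518 2x dc0 @15:2 b 192.0.2.10,1025 -> 203.0.113.9,25 PR tcp len 20 60 -S OUT
Feb  2 03:06:00 gw ipmon[214]: 03:06:00.000001 dc0 @10:1 p 198.51.100.7,5000 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
Feb  2 03:07:00 gw newsyslog[99]: logfile turned over
"""

def summarize(lines, top_n=10):
    """Count blocked packets, honoring 'Nx' repeats, per source and per rule."""
    block_lines = packets = 0
    by_src, by_rule = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        # Skip non-ipmon lines and anything that is not a block ('b' or 'B').
        if not m or m["action"].lower() != "b":
            continue
        n = int(m["rep"] or 1)            # "3x" means three identical packets
        block_lines += 1
        packets += n
        by_src[m["src"]] += n
        by_rule[(m["ifname"], "@%s:%s" % (m["group"], m["rule"]))] += n
    return {
        "block_lines": block_lines,       # what 'wc -l' would count
        "packets": packets,               # lines weighted by repeat count
        "top_sources": by_src.most_common(top_n),
        "by_rule": by_rule.most_common(),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

The `by_rule` keys carry the same `@group:rule` pair that ipmon logs, which is the natural join point when comparing log-derived totals against per-rule counters.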