seeing separate logs for differrent interfaces.
|
View:
New views
4 Messages
—
Rating Filter:
Alert me
|
 |
seeing separate logs for differrent interfaces.
by Siju George
::
Rate this Message:
Hi,
I have 2 interfaces rl1 and sk0. I would like to see their logs separately using #pfctl -s info if I put set loginterface rl1 set loginterface sk0 in /etc/pf.conf and type #pfctl -s info it only shows log for sk0 --------------------------- # cat /etc/pf.conf |grep loginterface set loginterface rl1 set loginterface sk0 # pfctl -s info Status: Enabled for 1 days 03:52:55 Debug: Urgent Interface Stats for sk0 IPv4 IPv6 Bytes In 63870343 0 Bytes Out 299895368 64 Packets In Passed 421299 0 Blocked 95198 0 Packets Out Passed 434992 1 Blocked 0 0 State Table Total Rate current entries 87 searches 1822134 18.2/s inserts 65674 0.7/s removals 65587 0.7/s Counters match 240352 2.4/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 0 0.0/s state-mismatch 50 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s # ------------------------------------ If I make an interface group log_ifs="{rl1, sk0} set loginterface log_ifs it shows the combined log --------------- # pfctl -s info Status: Enabled for 1 days 03:46:03 Debug: Urgent Interface Stats for log_ifs IPv4 IPv6 Bytes In 0 0 Bytes Out 0 0 Packets In Passed 0 0 Blocked 0 0 Packets Out Passed 0 0 Blocked 0 0 State Table Total Rate current entries 137 searches 1806931 18.1/s inserts 65146 0.7/s removals 65009 0.7/s Counters match 239143 2.4/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 0 0.0/s state-mismatch 46 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s ---------------------------- How do I do it correctly? Thanks --Siju |
|
|
Re: seeing separate logs for differrent interfaces.
by Michiel van Baak-2
::
Rate this Message:
On 11:34, Tue 03 Nov 09, Siju George wrote:
> Hi, > > I have 2 interfaces rl1 and sk0. I would like to see their logs separately using > > #pfctl -s info > > if I put > > set loginterface rl1 > set loginterface sk0 > > in /etc/pf.conf and type > > #pfctl -s info > > it only shows log for sk0 > > --------------------------- > # cat /etc/pf.conf |grep loginterface > set loginterface rl1 > set loginterface sk0 > # pfctl -s info > Status: Enabled for 1 days 03:52:55 Debug: Urgent > > Interface Stats for sk0 IPv4 IPv6 > Bytes In 63870343 0 > Bytes Out 299895368 64 > Packets In > Passed 421299 0 > Blocked 95198 0 > Packets Out > Passed 434992 1 > Blocked 0 0 > > State Table Total Rate > current entries 87 > searches 1822134 18.2/s > inserts 65674 0.7/s > removals 65587 0.7/s > Counters > match 240352 2.4/s > bad-offset 0 0.0/s > fragment 0 0.0/s > short 0 0.0/s > normalize 0 0.0/s > memory 0 0.0/s > bad-timestamp 0 0.0/s > congestion 0 0.0/s > ip-option 0 0.0/s > proto-cksum 0 0.0/s > state-mismatch 50 0.0/s > state-insert 0 0.0/s > state-limit 0 0.0/s > src-limit 0 0.0/s > synproxy 0 0.0/s > # > ------------------------------------ > > > > If I make an interface group > > log_ifs="{rl1, sk0} > set loginterface log_ifs > > it shows the combined log > > --------------- > # pfctl -s info > Status: Enabled for 1 days 03:46:03 Debug: Urgent > > Interface Stats for log_ifs IPv4 IPv6 > Bytes In 0 0 > Bytes Out 0 0 > Packets In > Passed 0 0 > Blocked 0 0 > Packets Out > Passed 0 0 > Blocked 0 0 > > State Table Total Rate > current entries 137 > searches 1806931 18.1/s > inserts 65146 0.7/s > removals 65009 0.7/s > Counters > match 239143 2.4/s > bad-offset 0 0.0/s > fragment 0 0.0/s > short 0 0.0/s > normalize 0 0.0/s > memory 0 0.0/s > bad-timestamp 0 0.0/s > congestion 0 0.0/s > ip-option 0 0.0/s > proto-cksum 0 0.0/s > state-mismatch 46 0.0/s > state-insert 0 0.0/s > state-limit 0 0.0/s > src-limit 0 0.0/s > synproxy 0 0.0/s > ---------------------------- > > How do I do it correctly? Tag all packets on sk0 with label sk0 and all packets on rl1 with label rl1 and look at the counters on the labels. > > Thanks > > --Siju > -- Michiel van Baak michiel@... http://michiel.vanbaak.eu GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD "Why is it drug addicts and computer aficionados are both called users?" |
|
|
Re: seeing separate logs for differrent interfaces.
by Henning Brauer
::
Rate this Message:
* Siju George <sgeorge.ml@...> [2009-11-03 07:07]:
> I have 2 interfaces rl1 and sk0. I would like to see their logs separately using > > #pfctl -s info can't. > if I put > > set loginterface rl1 > set loginterface sk0 > > in /etc/pf.conf and type > > #pfctl -s info > > it only shows log for sk0 yes, that is exactly the purpose of set loginterface. pfctl -vvsI is what you're after. -- Henning Brauer, hb@..., henning@... BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting |
|
|
Re: seeing separate logs for differrent interfaces.
by Siju George
::
Rate this Message:
On Tue, Nov 3, 2009 at 1:52 PM, Henning Brauer <lists-openbsd@...> wrote:
> > pfctl -vvsI is what you're after. > Thanks Michael Henning :-) --Siju |
| Free embeddable forum powered by Nabble | Forum Help |
