
RE: pflogging >> busted



Set your rule in pf.conf to log blocked attempts. <In Current> look at tables
for 3.3 goodness to do the blocked list </In Current>. Look at tcpdump -n -e
-ttt -r pflog to see the rule's number, remember it. Then you can grep a tee
off pflog0 for blocks on that rule - and hunt down the wilding cube-weasels.
Just don't bag a slothy PHB by mistake - you should know that IP. =)

-----Original Message-----
From: Bryan Irvine [mailto:[email protected]]
Sent: Tuesday, March 18, 2003 3:00 PM
To: [email protected]
Subject: pflogging

Is there a way to pipe only parts of pf to a log file?  Or a different
log file?
What I want to do is create a block list 
ie:
blockporn = "{ playboy.com sex.com msn.com }"
block out log quick on $LAN from $blockporn to any
Then I want to review the block attempts and see who is trying to
connect.  If there's a way to get a text file that contains only block
requests from this rule that would be ideal.
--Bryan
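
Added example, not part of the original thread: one way to turn the tcpdump output described in the reply into a per-source count for a single block rule. The function names are hypothetical, the sample lines are constructed, and the line layout ("rule N/... block ... SRC > DST:", IPv4 only) is an assumption to check against what your tcpdump actually prints.

```shell
#!/bin/sh
# Added example: summarise who hit one logged pf block rule.
# Real use (file name as in the reply above):
#   tcpdump -n -e -ttt -r pflog | blocks_by_source 4

# blocks_by_source RULE: read tcpdump pflog text on stdin and print
# "count source-ip" for packets blocked by rule number RULE.
# Assumed line layout: "... rule N/... block ... SRC > DST: ..." (IPv4).
blocks_by_source() {
    awk -v rule="$1" '
    {
        hit = 0; blocked = 0; src = ""
        for (i = 1; i < NF; i++) {
            # Anchor on "N/" so rule 4 does not also match rule 14.
            if ($i == "rule" && index($(i + 1), rule "/") == 1) hit = 1
            if ($i == "block") blocked = 1
            if ($(i + 1) == ">" && src == "") src = $i
        }
        if (!hit || !blocked || src == "") next
        # TCP/UDP sources print as a.b.c.d.port; ICMP has no port.
        if (split(src, p, ".") == 5) src = p[1] "." p[2] "." p[3] "." p[4]
        count[src]++
    }
    END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (not captured traffic), in the assumed layout.
sample_pflog() {
    cat <<'EOF'
Mar 18 15:00:01.100000 rule 4/0(match): block out on fxp1: 192.168.1.23.1045 > 192.0.2.5.80: S 1:1(0) win 16384
Mar 18 15:00:03.200000 rule 4/0(match): block out on fxp1: 192.168.1.23.1046 > 192.0.2.5.80: S 1:1(0) win 16384
Mar 18 15:00:09.300000 rule 7/0(match): block in on fxp0: 203.0.113.9.4000 > 192.168.1.1.22: S 1:1(0) win 16384
Mar 18 15:01:12.500000 rule 14/0(match): block out on fxp1: 192.168.1.77.2001 > 192.0.2.6.80: S 1:1(0) win 16384
Mar 18 15:02:00.600000 rule 4/0(match): block out on fxp1: 192.168.1.40 > 192.0.2.6: icmp: echo request
EOF
}

# Demo on the constructed sample: most frequent source first.
sample_pflog | blocks_by_source 4
```

Redirect the function's output to a file to get the text file of block hits for that one rule; the rule number changes whenever pf.conf is reordered, so re-check it after edits.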