[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Logging dropped states (max-src-states)
Jeff Wilson wrote:
I think set debug records that the limits were hit with 3.7 but not with 3.5
One of my networks is behind an OpenBSD 3.5-stable firewall, and
another network is behind a OpenBSD 3.7-stable firewall. Between the
two networks, I am serving over 4,000 clients. Both firewalls limit
source IP state with "max-src-states". Once a client hits this state
limit, no new state is allowed -- which is what I want, of course.
My objective is to more efficiently troubleshoot connectivity
problems, after the fact. When I get the call from a colleague,
asking "Can you tell me if Joe Bob was at his limit yesterday at 5pm?"
Right now, I just shrug and say, "Nope!"
Is there a straightforward way to log these "disallowed" states? Or
perhaps a way to log which IPs have hit this ceiling, and when, and
for how long?