i'm a bit lost ... after reading howto/faq/man pages/ipmon.c i still have no clue how this log entry (actually it was thousands of them) got created and what it means:

Oct 27 11:10:07 some-machine ipmon[289]: [ID 702911 auth.notice] 11:10:06.616467 hme0 @-1:-1 P 202.1.64.22,650 -> 160.59.217.230,2049 PR tcp len 20 40 -A OUT

i have no idea what rules were loaded - by the time i got a shell account on the machine, no rules were loaded. the default rule set would NEVER log passed packets, i assume that people were playing around with the rules ... or unloaded all rules - but why did anything get logged then? why is the p (for pass) capital? what do group/rule -1/-1 mean?

i don't think that machine/os info is very important, however, this log is from ip-filter 3.4.30 running on solaris 8 (sparc, 64bit kernel).

TIA for any hints
-michael
______________________________
Michael Eberle
Partner
http://www.semantics.ch
