On 11:34, Tue 03 Nov 09, Siju George wrote:
> Hi,
>
> I have 2 interfaces rl1 and sk0. I would like to see their logs separately
> using
>
> #pfctl -s info
>
> if I put
>
> set loginterface rl1
> set loginterface sk0
>
> in /etc/pf.conf and type
>
> #pfctl -s info
>
> it only shows log for sk0
>
> ---------------------------
> # cat /etc/pf.conf |grep loginterface
> set loginterface rl1
> set loginterface sk0
> # pfctl -s info
> Status: Enabled for 1 days 03:52:55 Debug: Urgent
>
> Interface Stats for sk0 IPv4 IPv6
> Bytes In 63870343 0
> Bytes Out 299895368 64
> Packets In
> Passed 421299 0
> Blocked 95198 0
> Packets Out
> Passed 434992 1
> Blocked 0 0
>
> State Table Total Rate
> current entries 87
> searches 1822134 18.2/s
> inserts 65674 0.7/s
> removals 65587 0.7/s
> Counters
> match 240352 2.4/s
> bad-offset 0 0.0/s
> fragment 0 0.0/s
> short 0 0.0/s
> normalize 0 0.0/s
> memory 0 0.0/s
> bad-timestamp 0 0.0/s
> congestion 0 0.0/s
> ip-option 0 0.0/s
> proto-cksum 0 0.0/s
> state-mismatch 50 0.0/s
> state-insert 0 0.0/s
> state-limit 0 0.0/s
> src-limit 0 0.0/s
> synproxy 0 0.0/s
> #
> ------------------------------------
>
>
>
> If I make an interface group
>
> log_ifs="{rl1, sk0}
> set loginterface log_ifs
>
> it shows the combined log
>
> ---------------
> # pfctl -s info
> Status: Enabled for 1 days 03:46:03 Debug: Urgent
>
> Interface Stats for log_ifs IPv4 IPv6
> Bytes In 0 0
> Bytes Out 0 0
> Packets In
> Passed 0 0
> Blocked 0 0
> Packets Out
> Passed 0 0
> Blocked 0 0
>
> State Table Total Rate
> current entries 137
> searches 1806931 18.1/s
> inserts 65146 0.7/s
> removals 65009 0.7/s
> Counters
> match 239143 2.4/s
> bad-offset 0 0.0/s
> fragment 0 0.0/s
> short 0 0.0/s
> normalize 0 0.0/s
> memory 0 0.0/s
> bad-timestamp 0 0.0/s
> congestion 0 0.0/s
> ip-option 0 0.0/s
> proto-cksum 0 0.0/s
> state-mismatch 46 0.0/s
> state-insert 0 0.0/s
> state-limit 0 0.0/s
> src-limit 0 0.0/s
> synproxy 0 0.0/s
> ----------------------------
>
> How do I do it correctly?
Tag all packets on sk0 with label sk0 and all packets on rl1 with label
rl1 and look at the counters on the labels.
>
> Thanks
>
> --Siju
>
--
Michiel van Baak
mich...@vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD
"Why is it drug addicts and computer aficionados are both called users?"
