set your rule in pf.conf to log blocked attempts <In Current> look at tables for 3.3 goodness to do the blocked list </In Current> look at tcpdump -n -e -ttt -r pflog to see the rules numbeer, remember it. then you can grep a tee off pflog0 for blocks on that rule - and hunt down the wilding cube-weasels just don't bag a slothy PHB by mistake - you should know that IP. =)
-----Original Message----- From: Bryan Irvine [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 3:00 PM To: [EMAIL PROTECTED] Subject: pflogging Is there a way to pipe only parts of pf to a log file? Or a different log file? What I want to do is create a block list ie: blockporn = "{ playboy.com sex.com msn.com }" block out log quick on $LAN from $blockporn to any Then I want to review the block attempts and see who is trying to connect. If there's a way to get a tet file that contains only block requests from this rule that would be ideal. --Bryan