eureka
After logging all traffic out to console and
monitoring this during reboot/boot I came to a
stunning conclusion (or might I say the OS gave me
the answer).
Upon every reboot I would see the following in
dmesg:
Jul 01 08:39:55 192.168.1.1 Jul 1 08:42:00 pf:
tcpdump: WARNING: pflog0:
.
Intel, or if that is even the issue.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] pfSense Firewall
Logs: no ports listed !?
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 07-01-2007 9:42 am
eureka
After logging all
and it seems to
have no adverse effect. I just don't know what
the difference is in processing packets on AMD vs.
Intel, or if that is even the issue.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] pfSense Firewall
Logs: no ports listed
Problem is now solved in recent snapshots.
Indeed it is, thanks for all the great work.
I have noticed that all of the entries show as
proto ESP. I seem to remember that some time ago
this same situation crept in after a
logging/logging ports issue a while ago. I seem
to remember that
switch to
the tcpdump statement to no avail.
Just thought I'd report my findings.
Going to do a full reinstall in an hour or so and
will report after that.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] pfSense Firewall
Logs: no ports
On Sat, 2007-06-30 at 07:44 -0400, David Strout wrote:
An update ...
It seems that TCP packets (looks like UDP and ICMP
are exempt from this issue and report correctly)
are getting reported as ESP proto. I enable the
RAW logging and see the logger stream as I'd
expect to. I have even
I have added some sample log data from the problem
server as you asked.
We have some major log display issues back in
1.2 snapshots for some
reason.
Can you add your findings as a comment to this?
http://cvstrac.pfsense.com/tktview?tn=1348,32
On 6/25/07, David Strout [EMAIL PROTECTED] wrote:
Morning everyone,
Just wanted to give an update I did an
upgrade on an older
1.2-BETA-1-TESTING-SNAPSHOT-05-??-2007 (I think it
was around 5-10,11 time frame) and the logging
seems to work with this.
I have found in testing that anything
Yup, I have tested this on both a Soekris 4801 and
a server install ... the below findings are what I
observed on both platforms.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] pfSense Firewall
Logs: no ports listed !?
From: [EMAIL
On 6/29/07, David Strout [EMAIL PROTECTED] wrote:
Yup, I have tested this on both a Soekris 4801 and
a server install ... the below findings are what I
observed on both platforms.
Problem is now solved in recent snapshots.
Scott
Morning everyone,
Just wanted to give an update I did an
upgrade on an older
1.2-BETA-1-TESTING-SNAPSHOT-05-??-2007 (I think it
was around 5-10,11 time frame) and the logging
seems to work with this.
I have found in testing that anything after the
5-29 builds are broken and if you do a
David Strout wrote:
Morning everyone,
Just wanted to give an update I did an
upgrade on an older
1.2-BETA-1-TESTING-SNAPSHOT-05-??-2007 (I think it
was around 5-10,11 time frame) and the logging
seems to work with this.
I have found in testing that anything after the
5-29 builds are
On Jun 17, 2007, at 4:15 PM, Bill Marquette wrote:
Good...I guess :-/ that patch is eliminated then. So we're down to 6
days, the 5th - 11th of June. I'll keep digging, there was a change
on the 9th that looked somewhat suspicious to me earlier.
Sorry for jumping in late... catching up on
I also noticed that in the show raw logs mode the
ports do not show.
--
David L. Strout
Engineering Systems Plus, LLC
It's because it's also not in the filter.log... :-(
-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: Monday, 18 June 2007 21:47
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense Firewall Logs: no ports listed !?
I also noticed
[mailto:[EMAIL PROTECTED]
Sent: Monday, 18 June 2007 21:47
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense Firewall
Logs: no ports listed !?
I also noticed that in the show raw logs mode
the
ports do not show.
--
David L. Strout
Engineering Systems Plus, LLC
I find that if you issue the snarf (snaplen)
switch to the tcpdump command it reports the
correct ports. Where is the /usr/sbin/tcpdump -l
-n -e -ttt -i pflog0 issued from .. rc script
I also noticed that in the show raw logs mode
the
ports do not show.
--
David L. Strout
Engineering
Check in /etc/inc/filter.inc IIRC.
Scott
On 6/18/07, David Strout [EMAIL PROTECTED] wrote:
I find that if you issue the snarf (snaplen)
switch to the tcpdump command it reports the
correct ports. Where is the /usr/sbin/tcpdump -l
-n -e -ttt -i pflog0 issued from .. rc script
I also
Looks like there is a possibility to start the
tcpdump sequence that feeds syslog with a -s 128
parameter, but not sure if it is producing the
desired results.
Check in /etc/inc/filter.inc IIRC.
Scott
On 6/18/07, David Strout [EMAIL PROTECTED]
wrote:
I find that if you issue the snarf
NOPE !!!
Last suggestion DID NOT produce the desired
results. It did show some ports but everything
shows up as proto ESP and I think the ports (src
dst) were reversed.
Looks like logging (port displaying) is broken. I
will try to help figure it out and lend a hand
where I can in this effort.
We have narrowed this down to somewhere between 5/29 and 6/11 - I
suspect it's a change that occurred on 6/3. Does anyone have a snap
_built_ on 6/2 and/or on 6/4 that they can test to confirm this
behavior? To be clear, I'm looking for the line that says Built on,
not the snapshot-mm-dd line.
Very helpful. So we're down to after 2AM on 6/3 and before 6/11.
Anyone have a 6/4 snap by any chance? We're trying to narrow it down
to a patch we committed on the 3rd (that shouldn't have this effect).
As best as I can tell, nothing in the PHP code changed, so we're
digging into the build
Sorry, I have not a snap from 6/4...
Bill Marquette wrote:
Very helpful. So we're down to after 2AM on 6/3 and before 6/11.
Anyone have a 6/4 snap by any chance? We're trying to narrow it down
to a patch we committed on the 3rd (that shouldn't have this effect).
As best as I can tell,
@pfsense.com
Subject: Re: [pfSense Support] pfSense Firewall Logs: no ports listed !?
Very helpful. So we're down to after 2AM on 6/3 and before 6/11.
Anyone have a 6/4 snap by any chance? We're trying to narrow it down
to a patch we committed on the 3rd (that shouldn't have this effect).
As best
] pfSense Firewall Logs: no ports listed !?
Very helpful. So we're down to after 2AM on 6/3 and before 6/11.
Anyone have a 6/4 snap by any chance? We're trying to narrow it down
to a patch we committed on the 3rd (that shouldn't have this effect).
As best as I can tell, nothing in the PHP code
Are you sure this snapshot is from last issue?
-Original Message-
From: Heiko Garbe [mailto:[EMAIL PROTECTED]
Sent: Saturday, 16 June 2007 04:26
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense Firewall Logs: no ports listed !?
Hello,
here is a screenshot. I think he
[mailto:[EMAIL PROTECTED]
Sent: Saturday, 16 June 2007 04:26
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense Firewall Logs: no ports listed !?
Hello,
here is a screenshot. I think he means the firewall logs in the gui
Greetings
heiko
Chris Buechler wrote:
On Fri, 2007
: Heiko Garbe [mailto:[EMAIL PROTECTED]
Sent: Saturday, 16 June 2007 04:26
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense Firewall Logs: no ports listed !?
Hello,
here is a screenshot. I think he means the firewall logs in the gui
Greetings
heiko
Chris Buechler wrote
That looks more like a protocol decode issue to me. 224.0.0.2 is a
multicast address, I wouldn't be surprised if that really wasn't UDP.
Can you show an example of a TCP log entry w/out ports, or something
to a non-multicast address? Thanks
--Bill
On 6/16/07, Heiko Garbe [EMAIL PROTECTED]
224.0.0.2 is the all routers multicast address, and any traffic to it
is probably router discovery or something similar.
adam.
That looks more like a protocol decode issue to me. 224.0.0.2 is a
multicast address, I wouldn't be surprised if that really wasn't UDP.
Can you show an example of a
Hi !
In the firewall logs always was shown blocked traffic with the ports
that were used...
Now with the 6-6 snapshot it does not display the ports anymore ... !?
It's a little confusing and seems to be a bit silly / senseless not to
display the ports !?
Is it a bug or a feature ?
Regards,
On Fri, 2007-06-15 at 18:01 +0200, Fuchs, Martin wrote:
Hi !
In the firewall logs always was shown blocked traffic with the ports
that were used...
Now with the 6-6 snapshot it does not display the ports anymore ... !?
It's a little confusing and seems to be a bit silly / senseless not