2.0 syslog output for firewall rules
The firewall syslog records in 2.0 occupy two lines with the rule and action on line 1 and the source and destination IPs on line 2:
Oct 12 21:20:40 pf: 00:42:53.947828 rule 69/0(match): pass in on pppoe0: (tos 0x0, ttl 110, id 779, offset 0, flags [DF], proto TCP (6), length 52)
Oct 12 21:20:40 pf: [source IP].49201 > [dest IP].80: Flags [s], cksum 0xb5f4 (correct), seq 106737394, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0

Is the log layout something that could be customized or is that just the way pf does it? Just that it's a bit of a hassle searching the logs (e.g., using notepad++ "find in files") for a specific rule or destination/port and then having to get the matching line separately.

Thanks,
Biggsy
grep -B1 <foo>
Will grab one line before the match.
See also http://redmine.pfsense.org/issues/1938
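Added example, not part of the original thread and not pfSense code: where grep -B1 is not available, the two-line records can be joined into one searchable record each. The regexes assume the 2.0 layout shown in the first post; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import re

# Line 1: syslog prefix, then "rule N/M(match): <action> <dir> on <iface>:"
HEAD = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ [\d:]{8}) pf: \S+ rule (?P<rule>\d+)/\d+\(match\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>[^:\s]+):")
# Line 2: "<src>.<sport> > <dst>.<dport>:" (the port is the last dot field)
ADDR = re.compile(
    r" pf: (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+):")

def join_records(lines):
    """Merge each rule line with the address line that follows it."""
    records, pending = [], None
    for line in lines:
        line = line.rstrip("\n")
        head = HEAD.match(line)
        if head:
            if pending:                  # previous rule line had no partner
                records.append(pending)
            pending = dict(head.groupdict(), raw=line)
        elif pending:
            addr = ADDR.search(line)
            if addr:                     # TCP/UDP line carrying addresses and ports
                pending.update(addr.groupdict())
                pending["raw"] += " " + line.split(" pf: ", 1)[1]
            records.append(pending)      # emit even if line 2 did not parse
            pending = None
    if pending:
        records.append(pending)
    return records

def find(records, **want):
    """Records whose fields equal every keyword given, e.g. rule='69'."""
    return [r for r in records if all(r.get(k) == v for k, v in want.items())]

# Constructed sample in the layout from the first post (addresses are made up).
SAMPLE = [
    "Oct 12 21:20:40 pf: 00:42:53.947828 rule 69/0(match): pass in on pppoe0: "
    "(tos 0x0, ttl 110, id 779, offset 0, flags [DF], proto TCP (6), length 52)",
    "Oct 12 21:20:40 pf: 198.51.100.7.49201 > 203.0.113.10.80: Flags [S], "
    "cksum 0xb5f4 (correct), seq 106737394, win 8192, length 0",
    "Oct 12 21:20:41 pf: 00:00:01.102030 rule 12/0(match): block in on pppoe0: "
    "(tos 0x0, ttl 52, id 4411, offset 0, flags [DF], proto TCP (6), length 40)",
    "Oct 12 21:20:41 pf: 192.0.2.55.40112 > 203.0.113.10.23: Flags [S], "
    "cksum 0x1a2b (correct), seq 1, win 1024, length 0",
]

if __name__ == "__main__":
    for rec in find(join_records(SAMPLE), dport="80"):
        print(rec["raw"])                # one line holding rule, action and IPs
```

Writing each record's "raw" field to a new file gives a single-line log that "find in files" can search for a rule number and a destination port at once.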
Thanks for the grep tip, jimp, but I do like notepad++
I might try to make the change suggested in the bug tracker.
I applied the change proposed in http://redmine.pfsense.org/issues/1938, rebooted and all firewall logging had ceased - local and syslog.
Is it simply a matter of changing that line or is there something else that needs to be done? Sorry, I'm a bit out of my depth with that.
Nope, should just be that one change. If you change it back, does it start working again?
Yes, it did.
I had a good look through the logs and there weren't any errors recorded.
Looks like there is an error in that code then. It works if I run it slightly modified on the command line but not from PHP; it seems to be various bits escaping that \n that trip it up. It needs to be \n to sed, but it's getting escaped to \n when executed.