Log formatting
can anyone explain the difference between these two log entries?
Jun 4 03:41:28 tfw1-lan pf: 1. 153484 rule 980/0(match): block in on em2: 195.54.119.10 > 10.1.254.252: [|icmp]
Jun 4 03:41:28 tfw1-lan pf: 000369 rule 980/0(match): block in on em2: 213.112.180.14 > 10.1.254.252: [|icmp]

what i'm curious about is the column just following 'pf:' … the vast majority of my log entries are formatted like the second line; what makes the '1. ' appear in the first? it makes my log grokking scripts unfortunately complex.