18.7 Legacy Series / Logging data length
« on: January 23, 2019, 01:55:58 pm »
Hi
I am having an issue whereby all TCP connections are showing a data-length of 0 in the logs.
The UDP and ICMP logs seem to be returning the values, although ICMP could do with dropping the string "datalength=".
TCP log - I assume data size should be the field after "443" (destination port) and before the "SEC" (meant to be TCP-Flags)
Code:
filterlog: 74,,,0,vmx1,match,pass,out,4,0x2,0,127,27104,0,DF,6,tcp,52,192.168.0.22,54.225.132.4,7680,443,0,SEC,362891810,,8192,,mss;nop;wscale;nop;nop;sackOK
UDP data size last entry
Code:
filterlog: 74,,,0,vmx1,match,pass,out,4,0x0,,64,4717,0,none,17,udp,96,192.168.0.22,9.9.9.9,52596,53,76
ICMP data size last entry
Code:
filterlog: 65,,,0,vmx1,match,pass,out,4,0x0,,63,21011,0,none,1,icmp,56,192.168.105.11,192.168.105.1,datalength=36
Now I may be completely reading the logs wrong, but I just can't seem to figure it out.
Any help or clarification is appreciated.
Thanks
PS: I have been reviewing the log format against https://www.netgate.com/docs/pfsense/monitoring/filter-log-format-for-pfsense-2-2.html
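
A parser for the three line layouts quoted in the post, as an added example that is not part of the original post or of the filterlog code. Field positions are counted on those three sample lines (IPv4 only); the function and key names are hypothetical.

```python
import re

# Field positions for IPv4 lines, counted on the sample lines quoted in the post.
IFACE, ACTION, DIRECTION, IPVER = 4, 6, 7, 8
PROTO, IP_LEN, SRC, DST = 16, 17, 18, 19

def parse_filterlog(line):
    """Parse one IPv4 filterlog line; data_len stays None when not logged."""
    f = line.split("filterlog:", 1)[-1].strip().split(",")
    if len(f) <= DST or f[IPVER] != "4":
        raise ValueError("not an IPv4 filterlog line in the layout shown above")
    rec = {
        "iface": f[IFACE], "action": f[ACTION], "dir": f[DIRECTION],
        "proto": f[PROTO], "ip_len": int(f[IP_LEN]),
        "src": f[SRC], "dst": f[DST],
        "sport": None, "dport": None, "data_len": None, "tcp_flags": None,
    }
    rest = f[DST + 1:]  # protocol-specific tail
    if rec["proto"] in ("tcp", "udp") and len(rest) >= 3:
        # Both samples: source port, destination port, then data length.
        rec["sport"], rec["dport"] = int(rest[0]), int(rest[1])
        rec["data_len"] = int(rest[2])
        if rec["proto"] == "tcp" and len(rest) >= 4:
            rec["tcp_flags"] = rest[3]  # kept as the raw string, e.g. "SEC"
    elif rec["proto"] == "icmp":
        # The ICMP sample carries the length as "datalength=N"; strip the label.
        for item in rest:
            m = re.fullmatch(r"datalength=(\d+)", item)
            if m:
                rec["data_len"] = int(m.group(1))
    return rec

# The three lines quoted in the post, unchanged.
SAMPLES = [
    "filterlog: 74,,,0,vmx1,match,pass,out,4,0x2,0,127,27104,0,DF,6,tcp,52,"
    "192.168.0.22,54.225.132.4,7680,443,0,SEC,362891810,,8192,,"
    "mss;nop;wscale;nop;nop;sackOK",
    "filterlog: 74,,,0,vmx1,match,pass,out,4,0x0,,64,4717,0,none,17,udp,96,"
    "192.168.0.22,9.9.9.9,52596,53,76",
    "filterlog: 65,,,0,vmx1,match,pass,out,4,0x0,,63,21011,0,none,1,icmp,56,"
    "192.168.105.11,192.168.105.1,datalength=36",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = parse_filterlog(s)
        print(r["proto"], r["src"], "->", r["dst"],
              "ip_len", r["ip_len"], "data_len", r["data_len"], r["tcp_flags"] or "")
```

On the TCP sample, the logged IP length of 52 is fully accounted for by a 20-byte IPv4 header (assuming no IP options), a 20-byte TCP header and the 12 bytes of options listed at the end of the line, so a data length of 0 is consistent with that line.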