[Oisf-users] format for drop.log
Gurvinder Singh
gurvindersinghdahiya at gmail.com
Mon Dec 13 19:19:31 UTC 2010
Hi,
We are looking into the log format for the information to be logged for
dropped packets when Suricata is running in inline mode. We found the
log formats of netfilter and pfSense quite informative and useful. It would
be good to get the community's feedback on this. Below are the log formats
of netfilter and pfSense.
Netfilter:
Apr 16 00:30:45 megahard kernel: NF: D(I,Priv) IN=eth1 OUT=
MAC=00:80:8c:1e:12:60:00:10:76:00:2f:c2:08:00 SRC=198.169.0.65
DST=198.169.0.62
LEN=60 TOS=0x00 PREC=0x00 TTL=44
ID=31526 CE DF MF FRAG=179 OPT
(072728CBA404DFCBA40253CBA4032ECBA403A2CBA4033ECBA402C1180746EA18074C52892734A200)
PROTO=TCP SPT=4515 DPT=111 SEQ=1168094040
ACK=0 WINDOW=32120 RES=0x03 URG ACK PSH
RST SYN FIN URGP=0
Pfsense:
Mar 27 05:32:39 pf: 036068 rule 74/0(match): pass in on vr1: (tos 0x0, ttl
128, id 40459, offset 0, flags [DF], proto: TCP (6), length:
48) 198.169.0.65.3848> 198.169.0.62.80: S, cksum 0x133d (correct),
3737710370:3737710370(0) win 65535<mss 1460,nop,nop,sackOK>
Regards,
Gurvinder
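As an added example (not part of the original post or of Suricata), the two quoted log lines parsed into one common set of fields, which is the question behind a shared drop-log format: which fields both sources carry, and which each source encodes differently. The sample lines are re-typed from the post onto single lines (the netfilter MAC= and OPT fields are left out); the field names and the reading of the netfilter "NF: D(...)" prefix as a drop are assumptions made here.

```python
import re

# Constructed sample lines, re-typed from the two formats quoted in the post
# (each joined back onto one line; the netfilter MAC= and OPT fields are omitted).
NETFILTER_LINE = (
    "Apr 16 00:30:45 megahard kernel: NF: D(I,Priv) IN=eth1 OUT= SRC=198.169.0.65 "
    "DST=198.169.0.62 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=31526 DF PROTO=TCP "
    "SPT=4515 DPT=111 SEQ=1168094040 ACK=0 WINDOW=32120 RES=0x03 SYN URGP=0")
PF_LINE = (
    "Mar 27 05:32:39 pf: 036068 rule 74/0(match): pass in on vr1: (tos 0x0, ttl 128, "
    "id 40459, offset 0, flags [DF], proto: TCP (6), length: 48) 198.169.0.65.3848> "
    "198.169.0.62.80: S, cksum 0x133d (correct), 3737710370:3737710370(0) win 65535")

NF_FLAGS = {"CE", "DF", "MF", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
PF_TCP = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG", ".": "ACK"}
PF_RE = re.compile(
    r"pf: \d+ rule (?P<rule>\d+/\d+)\(match\): (?P<action>\w+) (?P<dir>in|out) on "
    r"(?P<iface>\w+): \(.*?ttl (?P<ttl>\d+), .*?proto: (?P<proto>\w+) \(\d+\).*?\) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+)\s*>\s*(?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<tcpflags>[A-Z.]+),")

def parse_netfilter(line):
    """Netfilter: self-describing KEY=VALUE tokens; bare tokens are IP/TCP flags."""
    kv, flags = {}, []
    for tok in line.split("kernel: ", 1)[1].split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            kv[k] = v
        elif tok in NF_FLAGS:
            flags.append(tok)
    # "NF: D(I,Priv)" is a site-chosen --log-prefix; read as a drop by assumption.
    return {"action": "drop", "iface": kv.get("IN") or kv.get("OUT"),
            "src": kv["SRC"], "sport": int(kv["SPT"]), "dst": kv["DST"],
            "dport": int(kv["DPT"]), "proto": kv["PROTO"], "ttl": int(kv["TTL"]),
            "flags": flags}

def parse_pf(line):
    """pf: positional tcpdump-style record, so the layout itself must be matched."""
    m = PF_RE.search(line)
    if not m:
        raise ValueError("unrecognised pf log line")
    return {"action": m["action"], "iface": m["iface"], "src": m["src"],
            "sport": int(m["sport"]), "dst": m["dst"], "dport": int(m["dport"]),
            "proto": m["proto"], "ttl": int(m["ttl"]),
            "flags": [PF_TCP[c] for c in m["tcpflags"]]}

def normalize(line):
    """Dispatch on source format; returns the shared field set, or None if unknown."""
    if " pf: " in line:
        return parse_pf(line)
    if "kernel: " in line and " IN=" in line:
        return parse_netfilter(line)
    return None
```

Both records come out with the same keys, which is the minimum a Suricata drop log would need to carry to be as useful as either source.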