Bug #10776
closed
filterlog: Loopback source/destination sometimes reports 127.0.0.1 as 127.0.01
0%
Description
I'm setting up remote logging of the pfSense filterlog to my ES server, and seems that some of the logs are failing to be parsed because the source IP is showing as `127.0.01` (not a typo) sometimes.
For example, I might have a log that looks like this:
<134>Jul 18 06:46:13 filterlog: 70,,,1000002661,lo0,match,pass,in,4,0x0,,64,54355,0,none,17,udp,68,127.0.0.1,127.0.0.1,7698,53,488
The log above is parsed correctly, as it's a valid source IP and destination IP. However, subsequently, right after that I might get a log that looks like this:
<134>Jul 18 06:46:13 filterlog: 74,,,1000002665,lo0,match,pass,out,4,0x0,,64,52645,0,none,17,udp,68,127.0.01,127.0.0.1,3222,53,488
My parser will fail on the above log as the source IP is being written as 127.0.01. I've cross checked this with FreeBSD and seems like 127.0.01 is aliased to 127.0.0.1, but I can't seem to work out where that specific source IP is coming from.
Updated by Jim Pingle almost 4 years ago
- Category set to Logging
- Status changed from New to Feedback
- Assignee set to Luiz Souza
- Target version set to 2.5.0
Bertram,
Can you check and confirm that the form of the address you see in the log is not present on your interface (ifconfig lo0) or anywhere in your config.xml?
Given that nobody else has reported it, it seems like it could be isolated to your environment, but not many people are logging traffic to/from localhost in that way either.
Updated by Anonymous over 3 years ago
- Status changed from Feedback to Closed
No response from OP in three months