Actions
Bug #10776
closedfilterlog: Loopback source/destination sometimes reports 127.0.0.1 as 127.0.01
Start date:
07/19/2020
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
I'm setting up remote logging of the pfSense filterlog to my ES server, and seems that some of the logs are failing to be parsed because the source IP is showing as `127.0.01` (not a typo) sometimes.
For example, I might have a log that looks like this:
<134>Jul 18 06:46:13 filterlog: 70,,,1000002661,lo0,match,pass,in,4,0x0,,64,54355,0,none,17,udp,68,127.0.0.1,127.0.0.1,7698,53,488
The log above is parsed correctly, as it's a valid source IP and destination IP. However, subsequently, right after that I might get a log that looks like this:
<134>Jul 18 06:46:13 filterlog: 74,,,1000002665,lo0,match,pass,out,4,0x0,,64,52645,0,none,17,udp,68,127.0.01,127.0.0.1,3222,53,488
My parser will fail on the above log as the source IP is being written as 127.0.01. I've cross checked this with FreeBSD and seems like 127.0.01 is aliased to 127.0.0.1, but I can't seem to work out where that specific source IP is coming from.
Actions