Project

General

Profile

Actions

Bug #10776

closed

filterlog: Loopback source/destination sometimes reports 127.0.0.1 as 127.0.01

Added by Bertram Truong over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Logging
Target version:
Start date:
07/19/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

I'm setting up remote logging of the pfSense filterlog to my ES server, and seems that some of the logs are failing to be parsed because the source IP is showing as `127.0.01` (not a typo) sometimes.

For example, I might have a log that looks like this:

<134>Jul 18 06:46:13 filterlog: 70,,,1000002661,lo0,match,pass,in,4,0x0,,64,54355,0,none,17,udp,68,127.0.0.1,127.0.0.1,7698,53,488

The log above is parsed correctly, as it's a valid source IP and destination IP. However, subsequently, right after that I might get a log that looks like this:

<134>Jul 18 06:46:13 filterlog: 74,,,1000002665,lo0,match,pass,out,4,0x0,,64,52645,0,none,17,udp,68,127.0.01,127.0.0.1,3222,53,488

My parser will fail on the above log as the source IP is being written as 127.0.01. I've cross checked this with FreeBSD and seems like 127.0.01 is aliased to 127.0.0.1, but I can't seem to work out where that specific source IP is coming from.

Actions

Also available in: Atom PDF