Actions
Bug #112
closed
mDNS firewall logs not displayed properly.
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
10/13/2009
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
1.2.2
Affected Architecture:
Description
There is an issue in the parsing of firewall logs for mDNS traffic. The destination IP shows as something like 0.1.6.5:C for log messages similar to:
Oct 13 16:46:42 firewall pf: 000466 rule 521/0(match): block in on em0: (tos 0x18, ttl 255, id 63011, offset 0, flags [none], proto UDP (17), length 142) 10.0.29.2.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 0.1.6.5.C.9.E.F.F.F.3.9.D.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. (Cache flush) PTR blah.local. (114)
Updated by Jim Pingle over 15 years ago
Not sure why it isn't parsing properly. At least a simple test with the CLI version of the parser seems to be working:
echo "Oct 13 16:46:42 firewall pf: 000466 rule 521/0(match): block in on em0: (tos 0x18, ttl 255, id 63011, offset 0, flags [none], proto UDP (17), length 142) 10.0.29.2.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 0.1.6.5.C.9.E.F.F.F.3.9.D.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. (Cache flush) PTR blah.local. (114)" | php -q /usr/local/www/filterparser.php Oct 13 16:46:42 block em0 UDP 10.0.29.2:5353 224.0.0.251:5353
I get the same results on 1.2.3-RC3 and 2.0
Updated by Chris Buechler over 15 years ago
- Affected Version changed from 1.2.3 to 1.2.2
this is 1.2.2 actually, may not be an issue in 1.2.3.
Updated by Chris Buechler over 15 years ago
- Status changed from New to Resolved
- Target version deleted (
2.0)
This does appear to be fine in 1.2.3 and 2.0.
Actions