Right now I'm getting syslog messages, which are being sent to my Kiwi syslog client.
Kiwi can do dns resolves on the actual data, unfort
08-15-2008 15:24:39 Local0.Info 10.10.1.1 Aug 15 15:24:39 pf: 14. 780586 rule 120/0(match): pass in on fxp0: (tos 0x0, ttl 117, id 49022, offset 0, flags [DF], proto: TCP (6), length: 48) 184.108.40.206.33738 > 10.0.1.47.110: S, cksum 0x7a94 (correct), 3194000607:3194000607(0) win 16384 <mss 1460,nop,nop,sackOK>
As you might notice, the IP itself has the port behind it (with a period). Would it be possible to remove this period and replace it with a space? The syslog program is unable to resolve it since it thinks the port number is part of the IP.
In the above example it's: 10.0.1.47.110
and not 10.0.1.47
Unfortunately, the syslog program cannot be modified to read the IP anyway. Would it be possible to change the output somehow, so the IP is separated from the port by a space?
I'm sure other people would very much appreciate this answer/change in the code; plenty of other people are using Kiwi and pfSense.
Anybody know if I can change this myself (I have no programming or Unix knowledge)?
Edit: further research: I've seen that this is not done by syslog, but the actual logging itself is done like this and then forwarded to the syslog.
So if I check out the filter.log, I see that the IPs are being written like that already. Would it be possible to alter the logging method to have a space between the IP and the port and not a period?
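
Added example, not part of the original post: one way to normalize such lines after they leave the firewall, assuming a relay or post-processing step that can run Python (the function names are hypothetical, and nothing here is a pfSense or Kiwi feature). It rewrites each "ip.port" endpoint as "ip port" and leaves bare addresses and implausible matches untouched.

```python
import re

# Five dot-separated numeric groups: four IPv4 octets followed by a port,
# which is how the pf log line in the post writes endpoints (10.0.1.47.110).
# The lookarounds stop a match from starting or ending inside a longer
# dotted number, so a bare four-group address can never match.
ENDPOINT = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})\.(\d{1,5})(?![\d.])")


def _split(match):
    ip, port = match.group(1), match.group(2)
    octets_ok = all(int(octet) <= 255 for octet in ip.split("."))
    if octets_ok and int(port) <= 65535:
        return f"{ip} {port}"
    return match.group(0)  # not a plausible ip.port pair: leave untouched


def split_endpoints(line):
    """Return line with every ip.port endpoint rewritten as 'ip port'."""
    return ENDPOINT.sub(_split, line)


# Constructed sample, abridged from the log line quoted in the post.
SAMPLE = (
    "Aug 15 15:24:39 pf: rule 120/0(match): pass in on fxp0: "
    "(tos 0x0, ttl 117, proto: TCP (6), length: 48) "
    "184.108.40.206.33738 > 10.0.1.47.110: S, win 16384 <mss 1460,nop,nop,sackOK>"
)

if __name__ == "__main__":
    print(split_endpoints(SAMPLE))
```

Lines without ports, such as ICMP entries, pass through unchanged because their addresses have only four groups.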