By accident I found out how to write a few Wireshark display filters for OpenBSD PF logs.
View by PF rule number: pflog.rulenr == xx (where xx is the rule number)
View only passed packets: pflog.action == 0
View only blocked packets: pflog.action == 1
View by network interface: pflog.ifname == "xxxx" (the interface name as shown by ifconfig)
This should save me some time when going over the logs.
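The same three filters applied offline, as an added example that is not part of the original post: a small Python reader for a pflog pcap (link type 117, what tcpdump writes from pflog0) that decodes the action, rule number and interface fields of struct pfloghdr and selects records the way the Wireshark filters above do. The interface names, rule numbers and the three-record capture are constructed test data, and the parser assumes the header layout Wireshark's pflog dissector also relies on (fields at fixed offsets, header padded to a 4-byte boundary).

```python
import struct
from collections import namedtuple

DLT_PFLOG = 117           # pcap link type of a /dev/pflog capture (tcpdump -i pflog0 -w file)
PF_PASS, PF_DROP = 0, 1   # the values that pflog.action == 0 / pflog.action == 1 compare against
PflogRecord = namedtuple("PflogRecord", "action rulenr ifname payload")  # payload = the logged IP packet

def parse_pflog_header(frame: bytes) -> PflogRecord:
    """Decode the struct pfloghdr fields that sit at the same offsets in every OpenBSD release."""
    length, _af, action, _reason = struct.unpack_from("BBBB", frame, 0)
    ifname = frame[4:20].split(b"\0", 1)[0].decode("ascii")
    rulenr = struct.unpack_from("!I", frame, 36)[0]   # pf stores rulenr with htonl()
    hdr_len = (length + 3) & ~3                       # header is BPF word-aligned (61 -> 64)
    return PflogRecord(action, rulenr, ifname, frame[hdr_len:])

def iter_pflog_records(pcap: bytes):
    """Walk a classic pcap file and yield one PflogRecord per captured frame."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack_from(endian + "I", pcap, 20)[0]
    if linktype != DLT_PFLOG:
        raise ValueError(f"not a pflog capture (link type {linktype})")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, off)[2]
        yield parse_pflog_header(pcap[off + 16:off + 16 + incl_len])
        off += 16 + incl_len

def select(records, action=None, rulenr=None, ifname=None):
    """Mirror of pflog.action == N, pflog.rulenr == N and pflog.ifname == "x" joined with &&."""
    return [r for r in records
            if (action is None or r.action == action)
            and (rulenr is None or r.rulenr == rulenr)
            and (ifname is None or r.ifname == ifname)]

def make_frame(action: int, rulenr: int, ifname: str, payload: bytes) -> bytes:
    """Constructed pflog frame for testing: the 61-byte pre-OpenBSD-5 layout, padded to 64."""
    hdr = struct.pack("!BBBB16s16sII", 61, 2, action, 0, ifname.encode(), b"", rulenr, 0xFFFFFFFF)
    return hdr.ljust(64, b"\0") + payload            # uid/pid/dir left zero, then the packet

def sample_pcap() -> bytes:
    """Constructed three-record capture (not real traffic): two blocks by rule 7, one pass by rule 3."""
    ip = bytes([0x45]) + b"\0" * 19                  # minimal IPv4 header stand-in
    frames = [make_frame(PF_DROP, 7, "em0", ip), make_frame(PF_PASS, 3, "em0", ip),
              make_frame(PF_DROP, 7, "em1", ip)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_PFLOG)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f
    return out
```

Pointing `iter_pflog_records` at the bytes of a real `tcpdump -i pflog0 -w` file gives the same records Wireshark shows, so `select(..., action=PF_DROP, rulenr=N)` can be run from a cron job or an IR script without opening the GUI.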