One more try: Number of fields in pfirewall.log

[Ed van Balen]

Hi,

I did ask this question on September 12, but did not get any response.
Because I am still confused by this, one more try:

In the WinXP-SP2 firewall log pfirewall.log there are 17 fields on each
line, separated by spaces.
However, in the header of the log file only 16 fields are identified:
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
Reading KB-article 875357, I guess that the field names in the header are
for the first 16 fields.
But then what is the 17th field, containing for instance "-" or "RECEIVE"?
Is this the direction of the packet, relative to the host?

Anybody?

Thanks,
--
Ed van Balen
Amsterdam, the Netherlands
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please respond in this newsgroup.
Tired of the spam, my E-mail address is faked.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Torgeir Bakken \(MVP\)]

I did ask this question on September 12, but did not get any response.
Because I am still confused by this, one more try:

In the WinXP-SP2 firewall log pfirewall.log there are 17 fields on each
line, separated by spaces.
However, in the header of the log file only 16 fields are identified:
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
Reading KB-article 875357, I guess that the field names in the header are
for the first 16 fields.
But then what is the 17th field, containing for instance "-" or "RECEIVE"?
Is this the direction of the packet, relative to the host?

Anybody?

Hi

That one is documented here (much more detailed document than KB875357):

Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/...46-131d-4617-bf68-f0532d8db131&DisplayLang=en

<quote>
Path:

Displays the direction that the packet was traveling. Typical values
are SEND (for sent packets), RECEIVE (for received packets), and
FORWARD (for forwarded packets).
</quote>

 

[Ed van Balen]

Hi

That one is documented here (much more detailed document than
KB875357):
Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack
2
http://www.microsoft.com/downloads/...46-131d-4617-bf68-f0532d8db131&DisplayLang=en

<quote>
Path:

Displays the direction that the packet was traveling. Typical values
are SEND (for sent packets), RECEIVE (for received packets), and
FORWARD (for forwarded packets).
</quote>

Thanks Torgeir!
That was exactly what I was looking for.
So indeed it is the direction of the packets.

And, to my surprise, Microsoft somehow already fixed this issue in the
logfile!
It appears that the current logfile shows "Version 1.5" in the header, and
now shows the "path" field-name as well.
A backup of a logfile that I did save three days ago still shows "Version
1.0" in the header, and was still missing the "path" field-name.
So now I am only wondering how and when this has been corrected. Probably
with one of the recent security updates.

Regards,
--
Ed van Balen
Amsterdam, the Netherlands
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please respond in this newsgroup.
Tired of the spam, my E-mail address is faked.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~