fw log -h doesn't work as expected

The -h option of fw log means: display only log entries generated by the firewall named hostname, not packets sent from or to hostname. This works whether you use the machine's IP address or its hostname.
Output from this command looks like this:

# fw log -h langhorne
Date: Oct 27, 1998
0:04:17 drop langhorne >Elnk31 proto udp src 205.188.252.18 dst langhorne service 59504 s_port icq-udp len 34 rule 9
0:10:07 drop langhorne >Elnk31 proto udp src 205.188.252.15 dst langhorne service 59583 s_port icq-udp len 38 rule 9
0:13:18 drop langhorne >EE162 proto icmp src 192.168.0.78 dst 205.188.252.15 rule 9 icmp-type 3 icmp-code 3 xlatesrc langhorne xlatedst 205.188.252.15
0:17:01 drop langhorne >Elnk31 proto udp src icq.mirabilis.com dst langhorne service 59652 s_port icq-udp len 38 rule 9

If you're trying to look at log entries where the source/destination IP/hostname is something else, you'll have to do something like "fw log | grep hostname".
--
GuyR - 06 Jan 2004
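A plain grep also matches the origin column, so "grep langhorne" returns every line of the output above. The following added example (not part of the original FAQ and not a Check Point tool) filters on the src/dst fields only; the helper names fwlog_match and sample_log are hypothetical, and the script assumes the whitespace-separated "key value" layout shown on this page.

```shell
#!/bin/sh
# Added example: match "fw log" text output on the src/dst fields only.
# Assumption: entries use the "key value" token layout shown on this page.

# usage: fw log | fwlog_match <src|dst|any> <host-or-ip>
fwlog_match() {
    awk -v want="$1" -v host="$2" '
    {
        hit = 0
        # Walk the tokens; each key is followed by its value.
        # Exact token comparison: "xlatesrc" is not "src", and
        # 205.188.252.1 does not match 205.188.252.15.
        for (i = 1; i < NF; i++) {
            if (($i == "src" || $i == "dst") && $(i + 1) == host) {
                if (want == "any" || want == $i) hit = 1
            }
        }
        if (hit) print
    }'
}

# Sample input for offline use: the four entries from the output
# on this page, one entry per line.
sample_log() {
    cat <<'EOF'
0:04:17 drop langhorne >Elnk31 proto udp src 205.188.252.18 dst langhorne service 59504 s_port icq-udp len 34 rule 9
0:10:07 drop langhorne >Elnk31 proto udp src 205.188.252.15 dst langhorne service 59583 s_port icq-udp len 38 rule 9
0:13:18 drop langhorne >EE162 proto icmp src 192.168.0.78 dst 205.188.252.15 rule 9 icmp-type 3 icmp-code 3 xlatesrc langhorne xlatedst 205.188.252.15
0:17:01 drop langhorne >Elnk31 proto udp src icq.mirabilis.com dst langhorne service 59652 s_port icq-udp len 38 rule 9
EOF
}

# Entries where 205.188.252.15 is the source or the destination.
sample_log | fwlog_match any 205.188.252.15
```

On a firewall, replace sample_log with fw log, for example: fw log | fwlog_match dst langhorne.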