authorScott Ullrich <sullrich@pfsense.org>2006-02-12 23:14:53 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-02-12 23:14:53 +0000
commitac70ae79f47b7cab485a2e9edb2d5fbac2494f42 (patch)
tree768aa4e4709052959999be080b97543bd26d133f
parent03491df09aafbcf3cdd4ee42741ba30de677d28b (diff)
Another attempt at fixing logs
-rw-r--r--etc/inc/filter.inc7
-rwxr-xr-xusr/local/www/diag_logs_filter.php18
2 files changed, 16 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ec29413..0d41dd2 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -47,11 +47,8 @@ function filter_pflog_start() {
}
mute_kernel_msgs();
-
- /* do not run pflogd on non HD platforms */
- //if($g['platform'] == "pfSense")
- // mwexec("/sbin/ifconfig pflog0 up && pflogd");
- mwexec_bg("/usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0 | egrep -e \"IGMP|TCP|UDP|ESP|IGRP|IGMP|ICMP|esp|tcp|udp|icmp|igmp|igrp\" |logger -t pf -p local0.info");
+
+ mwexec_bg("/usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0 | logger -t pf -p local0.info");
unmute_kernel_msgs();
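Review bot: The new unfiltered `mwexec_bg` pipeline carries no comment saying that every line tcpdump prints on pflog0 now reaches syslog under the `pf` tag, and the removed lines took the only explanation of this call with them. Because `-v` is still passed, that presumably includes continuation lines with no rule or interface header, which the log viewer then has to discard. I would add a comment above the call, for example `/* unfiltered on purpose: the log viewer skips lines it cannot parse; expect more local0 volume */`, and confirm the log still holds enough history for reviewing blocked traffic. filter_pflog_start() begins and ends outside this hunk.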
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index 1c9caff..e5c0598 100755
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -79,7 +79,13 @@ function conv_clog($logfile, $tail = 50) {
break;
$log_split = "";
-
+
+
+ preg_match("/(\b(?:\d{1,3}\.){3}\d{1,3}(\.\w+)?)\s.*\s(\b(?:\d{1,3}\.){3}\d{1,3}(\.\w+)?)/", $logent, $log_split);
+
+ $flent['src'] = convert_port_period_to_colon($log_split[1]);
+ $flent['dst'] = convert_port_period_to_colon($log_split[3]);
+
preg_match("/(.*)\s.*\spf:\s.*\srule\s(.*)\(match\)\:\s(.*)\s\w+\son\s(\w+)\:\s(.*)\s>\s(.*)\:\s.*/", $logent, $log_split);
$logent = strtoupper($logent);
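Review bot: The added address regex joins its two captures with a greedy `\s.*\s`, so the destination becomes the last dotted-quad on the line rather than the one following `>`; on `-v` output that quotes a second pair of addresses the view could show the wrong destination. The result of `preg_match` is also used unchecked, so `$log_split[1]` and `$log_split[3]` are undefined offsets whenever the line does not match. Replacing `\s.*\s` with the `\s>\s` separator that the older pattern below already relies on, and wrapping the two assignments in `if (preg_match(...))`, would cover both. The pattern only recognises IPv4 dotted-quads, so any other address form ends up with empty src/dst. conv_clog() starts and ends outside this hunk.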
@@ -119,12 +125,16 @@ function conv_clog($logfile, $tail = 50) {
if($config['interfaces'][$friendly_int]['descr'] <> "")
$flent['interface'] = "{$config['interfaces'][$friendly_int]['descr']}";
- $flent['src'] = convert_port_period_to_colon($log_split[5]);
- $flent['dst'] = convert_port_period_to_colon($log_split[6]);
-
$tmp = split("/", $log_split[2]);
$flent['rulenum'] = $tmp[0];
+ if($flent['src'] == "")
+ continue;
+ if($flent['dst'] == "")
+ continue;
+ if($flent['time'] == "")
+ continue;
+
$counter++;
$filterlog[] = $flent;
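Review bot: The three new guards drop an entry silently, so a logged packet that the parser could not handle simply disappears from the firewall log page and the operator has no sign that anything was omitted. I would fold them into one commented check, `/* skip lines that did not parse into src, dst and time */` followed by `if($flent['src'] == "" || $flent['dst'] == "" || $flent['time'] == "") continue;`, and keep a count of skipped lines that the page can display. Whether `$flent` is reset at the top of each iteration is not visible in this hunk; if it is not, a `time` left over from the previous entry could satisfy the third guard. The enclosing loop in conv_clog() starts and ends outside the hunk.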