[Hatchet-users] Missing graphs, pflog problem?

Thu Jun 16 01:50:31 EDT 2005

I installed hatchet 0.8 on my router yesterday, using the chroot  
apache, and it looks great. But there are no rows in the "Firewall  
Log" table on the main page (hatchet.cgi), and no images in "Top  
Source Hosts" and "Top Destination Ports". All four of the graphs in  
"Last 24 Lours" and "Last 7 Days" work fine.

The pfstat chain seems to be working great from beginning to end,  
which is why the four pfstat graphs work. My pflog and pflog.db  
weren't updating until i added "log" to all my block and pass rules  
in pf.conf. Is this normal? Now those two files update every couple  
minutes, but i still don't see the graphs and table. I did some  
poking around in the source and it looks like they're reading the db  
file, but nothing in there matches the patterns they're looking for.  
Here's a snippet of the bottom of my pflog:

01:48 foobaz at tacobell:foobaz]$ sudo tcpdump -n -e -ttt -r /var/log/ 
pflog | tail -n5
Jun 16 01:48:43.555730 rule 0/(match) block in on xl0:  
71.100.16.186.3326 > 71.100.29.78.445: S 774472804:774472804(0) win  
64240 <mss 1460,nop,nop,sackOK>
Jun 16 01:48:46.526391 rule 0/(match) block in on xl0:  
71.100.16.186.3326 > 71.100.29.78.445: S 774472804:774472804(0) win  
64240 <mss 1460,nop,nop,sackOK>
Jun 16 01:48:51.546503 rule 47/(match) pass in on xl0:  
69.0.126.155.4262 > 192.168.1.3.9881: S 761254636:761254636(0) win  
65535 <mss 1452,nop,nop,sackOK>
Jun 16 01:48:52.207226 rule 49/(match) pass in on xl0:  
83.226.171.43.6881 > 192.168.1.3.9881:  udp 58 [tos 0x30]
Jun 16 01:48:52.550427 rule 49/(match) pass in on xl0:  
67.189.4.112.20965 > 192.168.1.3.9881:  udp 58

Does anything about that look wrong? What could i be doing wrong  
here? If you want to look at my hatchet page, it's at http:// 
outpost.shacknet.nu/hatchet/

Thank you,
Will MacKay