[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PF log and snort

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: PF log and snort
From: leitao_(_at_)_async_(_dot_)_com_(_dot_)_br (Breno Leitão)
Date: Mon, 29 Nov 2004 21:46:08 -0200
Organization: Async Open Source, Brazil

Hello Guys, 

I am having a trouble with snort understanding the pf log format. 
Can Erkin Acar says that snort understand the pf format, see
http://www.onlamp.com/pub/a/bsd/2004/05/06/pf_developers.html?page=3,
but it didnt work for me, see: 


    leitao_(_at_)_anthem:~/snort/snort-2.3.0RC1/src$ cat snort.conf 
    log ip 192.168.0.0/24 any -> 192.168.0.0/24 any (msg: "Normal Logged Traffic"; \
                                           priority: 0;)

    You have new mail in /var/mail/leitao
    leitao_(_at_)_anthem:~/snort/snort-2.3.0RC1/src$ ./snort -c snort.conf -l /tmp -r ~/tmp/pflog.2 
    Running in IDS mode
    Log directory = /tmp
    TCPDUMP file reading mode.
    Reading network traffic from "/home/leitao/tmp/pflog.2" file.
    snaplen = 1500
    ERROR: OpenPcap() FSM compilation failed: 
            unknown data link type 117
    PCAP command: (null)
    Fatal Error, Quitting..

Anthem is a linux machine. and the pflog cames from a openbsd 3.5. 
I really cant make it work.. 

Does anyone know if snort really understant the pflog?

Any suggestion will be welcome. 
Thank you

Cheers
Breno H. Leitão
http://lcr.icmc.usp.br/~leitao
-- 
Async Open Source
(16) 3361 2331
São Carlos, SP
Brasil

Prev by Date: LSI MegaRAID SATA
Next by Date: dmesg beautifying
Previous by thread: LSI MegaRAID SATA
Next by thread: dmesg beautifying
Index(es):
- Date
- Thread

Visit your host, monkey.org