Snort mailing list archives
Re: monitoring pflog0 on obsd
From: MH <procana () insight rr com>
Date: Wed, 8 Oct 2003 17:36:04 -0400
Hi Shawn,

When you monitor pflogd, you use tcpdump.

    tcpdump -ni pflog0

You will see a warning about an IP address not being assigned, that's normal because there isn't. :)

Hope this helps,
Mike

On Wed, Oct 08, 2003 at 12:53:00PM -0700, Shawn Posthumus wrote:
> Hi,
>
> I noticed in the FAQ that it is possible to monitor anything pf drops by using the pflog0 on openbsd. I ran snort as
>
>     snort -i pflog0 -l /snort -c /etc/snort/snort.conf -D -U
>
> but I do not appear to be picking anything up, even though the pf logs show the attacks. I was wondering if anyone had any ideas of what I am doing wrong.
>
> Thanks.
> Shawn

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- monitoring pflog0 on obsd Shawn Posthumus (Oct 08)
- Re: monitoring pflog0 on obsd Mark Nipper (Oct 08)
- Re: monitoring pflog0 on obsd MH (Oct 08)
- Re: monitoring pflog0 on obsd Mark Nipper (Oct 08)
- Message not available
- Re: monitoring pflog0 on obsd MH (Oct 08)
- Re: monitoring pflog0 on obsd Shawn Posthumus (Oct 08)