Snort mailing list archives
Snort dont understand pf (openbsd) format
From: leitao () async com br (Breno Leitão)
Date: Mon, 29 Nov 2004 21:09:30 -0200
Hello guys,

For weeks I have been trying to use snort with pf (OpenBSD) logs in linux, but it didn't work. I broke my nose doing it. :(

I use snort-2.3.0RC1, on 2.4.28 kernel.

When I try to use it, an error occurs, see it:

    leitao@anthem:~/snort/snort-2.3.0RC1/src$ cat snort.conf
    log ip 192.168.0.0/24 any -> 192.168.0.0/24 any (msg: "Normal Logged Traffic"; \
    priority: 0;)

    leitao@anthem:~/snort/snort-2.3.0RC1/src$ ./snort -c snort.conf -l /tmp -r ~/tmp/pflog.2
    Running in IDS mode
    Log directory = /tmp
    TCPDUMP file reading mode.
    Reading network traffic from "/home/leitao/tmp/pflog.2" file.
    snaplen = 1500
    ERROR: OpenPcap() FSM compilation failed: unknown data link type 117
    PCAP command: (null)
    Fatal Error, Quitting..

What is wrong with that? Does snort understand the pf log format?

Any suggestion will be welcome.

Thank you,
Breno Leitão

--
http://lcr.icmc.usp.br/~leitao
Async Open Source
(16) 3361 2331
São Carlos, SP Brasil
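Added example, not part of the original post: the "data link type 117" in the error above is the number libpcap assigns to the OpenBSD pflog header (DLT_PFLOG), and it is stored in the capture file's 24-byte global header. The Python sketch below decodes that header so the link type of a capture can be checked before handing it to a reader; the function name, the link-type table subset and the sample headers are constructed for illustration.

```python
import struct
import sys

# First four bytes read big-endian -> (struct byte order, timestamp resolution).
MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}

# Subset of libpcap link-layer type numbers; 117 is the OpenBSD pflog header.
LINKTYPES = {0: "NULL", 1: "EN10MB", 101: "RAW", 105: "IEEE802_11",
             113: "LINUX_SLL", 117: "PFLOG"}


def pcap_header_info(header: bytes) -> dict:
    """Decode the 24-byte global header of a classic (non-pcapng) capture file."""
    if len(header) < 24:
        raise ValueError("truncated file: pcap global header is 24 bytes")
    (magic,) = struct.unpack(">I", header[:4])
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic 0x{magic:08x})")
    order, resolution = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", header[4:24])
    linktype = network & 0xFFFF  # upper bits can carry FCS flags, not the type
    return {
        "byte_order": "big" if order == ">" else "little",
        "resolution": resolution,
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "linktype_name": LINKTYPES.get(linktype, "unknown"),
    }


# Constructed sample headers (not taken from the poster's pflog.2 file).
SAMPLE_PFLOG = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 117)
SAMPLE_ETHERNET = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(pcap_header_info(fh.read(24)))
    else:
        for sample in (SAMPLE_PFLOG, SAMPLE_ETHERNET):
            print(pcap_header_info(sample))
```

Run with a capture file path as the only argument to inspect a real file; with no argument it decodes the two constructed headers.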
Current thread:
- Snort dont understand pf (openbsd) format Breno Leitão (Nov 29)
- Re: Snort dont understand pf (openbsd) format Matt Kettler (Nov 29)
- Re: Snort dont understand pf (openbsd) format Matt Kettler (Nov 29)
- Re: Snort dont understand pf (openbsd) format Sean Brown (Nov 29)
- Re: Snort dont understand pf (openbsd) format Matt Kettler (Nov 29)
- Re: Snort dont understand pf (openbsd) format Sean Brown (Nov 29)
- Re: Snort dont understand pf (openbsd) format Matt Kettler (Nov 30)
- Re: Snort dont understand pf (openbsd) format Matt Kettler (Nov 30)
- Re: Snort dont understand pf (openbsd) format Christian Robottom Reis (Nov 30)
- Re: Snort dont understand pf (openbsd) format Sean Brown (Nov 30)
- Re: Snort dont understand pf (openbsd) format Christian Robottom Reis (Dec 01)
- Re: Snort dont understand pf (openbsd) format Matt Kettler (Nov 29)
- Re: Snort dont understand pf (openbsd) format Matt Kettler (Nov 29)