Snort mailing list archives

snort and pflog


From: "Zeus N/A" <switch79 () hotmail com>
Date: Mon, 27 Sep 2004 21:56:27 -0500

I'm kinda new to snort, and trying to get it running on my OpenBSD 3.5 firewall, but
it's not working right. If I read the documentation right, I should be
able to have snort listen on pflog0 and just capture and watch the traffic
that's rejected by my firewall, which is handy because snort isn't then
logging all the arp traffic that shows up on the line.

When I start snort with
snort -i pflog0
nothing happens and after ctrl-c I get this:

        Snort analyzed 105 out of 105 packets, dropping 0(0.000%) packets

        Breakdown by protocol:                Action Stats:
           TCP: 0          (0.000%)          ALERTS: 0
            UDP: 0          (0.000%)          LOGGED: 0
           ICMP: 0          (0.000%)          PASSED: 0
            ARP: 0          (0.000%)
          EAPOL: 0          (0.000%)
           IPv6: 0          (0.000%)
            IPX: 0          (0.000%)
          OTHER: 105        (100.000%)
        DISCARD: 0          (0.000%)

But if I use tcpdump I get to see all the packets and it works just fine.

I saw some posting in the archive of someone having the same problem back in June, I think, but I couldn't find an answer to his posting that solves the problem. I'd appreciate any type of help with this.
Thanks
