Snort mailing list archives

Snort doesn't understand pf (OpenBSD) format


From: leitao () async com br (Breno Leitão)
Date: Mon, 29 Nov 2004 21:09:30 -0200

Hello guys,
    For weeks I have been trying to use Snort with pf (OpenBSD) logs on Linux, but
    it didn't work. I broke my nose doing it. :(
    I use snort-2.3.0RC1 on a 2.4.28 kernel. When I try to use it, an error
    occurs; see:

leitao@anthem:~/snort/snort-2.3.0RC1/src$ cat snort.conf 
log ip 192.168.0.0/24 any -> 192.168.0.0/24 any (msg: "Normal Logged Traffic"; \
                                       priority: 0;)

leitao@anthem:~/snort/snort-2.3.0RC1/src$ ./snort -c snort.conf -l /tmp -r ~/tmp/pflog.2 
Running in IDS mode
Log directory = /tmp
TCPDUMP file reading mode.
Reading network traffic from "/home/leitao/tmp/pflog.2" file.
snaplen = 1500
ERROR: OpenPcap() FSM compilation failed: 
        unknown data link type 117
PCAP command: (null)
Fatal Error, Quitting..

    What is wrong with that? Does Snort understand the pf log format?

Any suggestion is welcome.

Thank you,
Breno Leitão
-- 
http://lcr.icmc.usp.br/~leitao
Async Open Source
(16) 3361 2331
São Carlos, SP
Brasil
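Link type 117 is DLT_PFLOG, the pcap link type OpenBSD's pflog interface records: every packet is prefixed with a pfloghdr (action, rule number, interface) and the IP packet follows it. One way to get such a file in front of a Snort build that rejects that link type is to strip the pflog header from each record and rewrite the file as a raw-IP capture (LINKTYPE_RAW, 101). The converter below is an added example; it is not from the original post or from the Snort project. It assumes the OpenBSD 3.x/4.x pfloghdr layout (48 bytes, first byte = header length, second byte = address family), and that the Snort in use decodes raw-IP captures, which the thread does not confirm. The sample capture it builds is constructed, not real pflog output.

```python
import struct
import sys

DLT_PFLOG = 117      # the "unknown data link type 117" in the error: OpenBSD pflog captures
LINKTYPE_RAW = 101   # savefile link type libpcap writes for DLT_RAW (raw IP, no link-layer header)
PCAP_MAGIC = 0xA1B2C3D4
AF_INET, AF_INET6_OPENBSD = 2, 24   # sa_family_t values as OpenBSD stores them in the pflog header

# Assumed pfloghdr layout (OpenBSD 3.x/4.x, 48 bytes). Only the first two fields are relied on
# below, because the length byte says how much to strip whatever the exact OpenBSD version:
#   u_int8_t    length;            total header length, padded to a multiple of 4
#   sa_family_t af;                2 = AF_INET, 24 = AF_INET6
#   u_int8_t    action, reason;
#   char        ifname[16], ruleset[16];
#   u_int32_t   rulenr, subrulenr;
#   u_int8_t    dir, pad[3];


def parse_pcap(data):
    """Split a classic libpcap savefile into (byte order, global header fields, records)."""
    magic, = struct.unpack('<I', data[:4])
    if magic == PCAP_MAGIC:
        bo = '<'
    elif magic == 0xD4C3B2A1:
        bo = '>'
    else:
        raise ValueError('not a classic pcap file (magic %#x)' % magic)
    # version major/minor, thiszone, sigfigs, snaplen, linktype
    hdr = struct.unpack(bo + 'HHiIII', data[4:24])
    records, off = [], 24
    while off < len(data):
        ts_sec, ts_usec, caplen, origlen = struct.unpack(bo + 'IIII', data[off:off + 16])
        off += 16
        pkt = data[off:off + caplen]
        if len(pkt) != caplen:
            raise ValueError('truncated record at offset %d' % off)
        off += caplen
        records.append((ts_sec, ts_usec, origlen, pkt))
    return bo, hdr, records


def strip_pflog(pkt):
    """Remove the pfloghdr from one record; return (header length, af, ip packet)."""
    hdr_len, af = pkt[0], pkt[1]
    if hdr_len < 2 or hdr_len % 4 or len(pkt) < hdr_len:
        raise ValueError('implausible pflog header length %d' % hdr_len)
    if af not in (AF_INET, AF_INET6_OPENBSD):
        raise ValueError('unexpected address family %d in pflog header' % af)
    ip = pkt[hdr_len:]
    # Sanity check: the IP version nibble must agree with the address family.
    if ip and (ip[0] >> 4) != (4 if af == AF_INET else 6):
        raise ValueError('IP version nibble does not match af %d' % af)
    return hdr_len, af, ip


def pflog_to_raw(data):
    """Rewrite a DLT_PFLOG pcap as a LINKTYPE_RAW pcap, pflog header removed from every packet."""
    bo, (vmaj, vmin, tz, sigfigs, snaplen, linktype), records = parse_pcap(data)
    if linktype != DLT_PFLOG:
        raise ValueError('expected link type %d, got %d' % (DLT_PFLOG, linktype))
    out = [struct.pack(bo + 'IHHiIII', PCAP_MAGIC, vmaj, vmin, tz, sigfigs, snaplen, LINKTYPE_RAW)]
    for ts_sec, ts_usec, origlen, pkt in records:
        hdr_len, _, ip = strip_pflog(pkt)
        # origlen shrinks by the stripped header too; never let it fall below what we kept.
        out.append(struct.pack(bo + 'IIII', ts_sec, ts_usec, len(ip), max(origlen - hdr_len, len(ip))))
        out.append(ip)
    return b''.join(out)


def build_sample_pflog_pcap():
    """Constructed input (not a real capture): two pf 'pass' records on pflog0, each
    carrying a 28-byte IPv4/UDP packet from 192.168.0.1 to 192.168.0.2."""
    def pfloghdr(action, rulenr):
        return struct.pack('>BBBB16s16sIIB3x', 48, AF_INET, action, 0, b'pflog0', b'', rulenr, 0, 1)
    ip = struct.pack('>BBHHHBBH4s4s', 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 168, 0, 1]), bytes([192, 168, 0, 2]))
    udp = struct.pack('>HHHH', 53, 53, 8, 0)
    out = [struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 1500, DLT_PFLOG)]
    for i, (action, rulenr) in enumerate([(0, 3), (0, 7)]):
        pkt = pfloghdr(action, rulenr) + ip + udp
        out.append(struct.pack('<IIII', 1101761370 + i, 0, len(pkt), len(pkt)))
        out.append(pkt)
    return b''.join(out)


if __name__ == '__main__':
    if len(sys.argv) != 3:
        sys.exit('usage: pflog2raw.py <pflog.pcap> <out.pcap>')
    with open(sys.argv[1], 'rb') as f:
        converted = pflog_to_raw(f.read())
    with open(sys.argv[2], 'wb') as f:
        f.write(converted)
```

Run it as `python pflog2raw.py ~/tmp/pflog.2 /tmp/pflog-raw.pcap` and point Snort at the output with `-r /tmp/pflog-raw.pcap`. The conversion discards everything pf recorded about the packet (action, rule number, interface, direction), so Snort only ever sees the IP payload; if that metadata matters, keep the original file alongside for tcpdump. The length byte is trusted only after a plausibility check (multiple of 4, not past the end of the record) because a truncated or corrupt record would otherwise shift every following packet.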

