[Snort-users] snort error reading tcpdump openbsd

Oliver Bode oliver at ...6319...
Sat Jul 13 20:15:02 EDT 2002


I am an OpenBSD user and this article:
http://www.lucidic.net/whitepapers/manuzis-7-5-2002-1.html was of interest
to me. Yesterday I installed Snort and ACID and have been very pleased with
the results.

Anyway, I now want to sniff my pflogs and put them into MySQL. The problem
is that when I type the following command:

/usr/local/bin/snort -r /var/log/pflog

I get the following error:

/usr/local/bin/snort cannot handle data link type 17

I can read pflog with tcpdump but not with Snort. Is there another way
around this, or am I doing something wrong?
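
An added example, not part of the original post and not Snort code: the "data link type" in the error is the link-layer type that a tcpdump-format file declares in its 24-byte global header, and this Python sketch reads that field so a capture can be checked before it is handed to a reader. The sample header bytes and the `supported` set are constructed for illustration; which types a given Snort build handles is an assumption the caller supplies.

```python
import struct

# Classic pcap magic values as seen when the first four bytes are read
# big-endian; each one tells us the byte order of the remaining fields.
_MAGICS = {
    0xA1B2C3D4: ">",  # big-endian writer, microsecond timestamps
    0xD4C3B2A1: "<",  # little-endian writer, microsecond timestamps
    0xA1B23C4D: ">",  # big-endian writer, nanosecond timestamps
    0x4D3CB2A1: "<",  # little-endian writer, nanosecond timestamps
}

def read_pcap_header(data):
    """Parse the 24-byte pcap global header and return its fields."""
    if len(data) < 24:
        raise ValueError("truncated: pcap global header is 24 bytes")
    (magic,) = struct.unpack(">I", data[:4])
    order = _MAGICS.get(magic)
    if order is None:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    return {"version": (major, minor), "snaplen": snaplen, "linktype": network}

def link_supported(data, supported):
    """Return (linktype, True/False) for a caller-supplied set of types."""
    linktype = read_pcap_header(data)["linktype"]
    return linktype, linktype in supported

def check_file(path, supported):
    """Same check against a file on disk; only the header is read."""
    with open(path, "rb") as fh:
        return link_supported(fh.read(24), supported)

# Constructed sample: a little-endian header declaring link type 17,
# the value reported in the error message above.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 17)

# Hypothetical supported set for illustration: 0 = DLT_NULL, 1 = DLT_EN10MB.
EXAMPLE_SUPPORTED = {0, 1}

if __name__ == "__main__":
    print(link_supported(SAMPLE, EXAMPLE_SUPPORTED))
```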
