[Snort-users] snort error reading tcpdump openbsd

Clint M. Sand cmsand at ...163...
Sat Jul 13 22:10:02 EDT 2002


I've had the same error with the snort version used in Openbsd's ports 
tree in 3.1, downloading and installing Snort Version 1.8.6 (Build 105) 
from snort.org took care of it.


Oliver Bode wrote:

>Hello,
>
>I am an openbsd user and this article:
>http://www.lucidic.net/whitepapers/manuzis-7-5-2002-1.html was of interest
>to me. Yesterday I installed snort and acid and have been very pleased with
>the results.
>
>Anyway, I want to now sniff my pflogs and put them into mysql. The problem
>is that when I type the following command:
>
>/usr/local/bin/snort -r /var/log/pflog
>
>I get the following error:
>
>/usr/local/bin/snort cannot handle data link type 17
>
>I can read pflog with tcpdump but not with snort. Is there another way
>around this or am I doing something wrong.
>
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>






More information about the Snort-users mailing list