[Snort-users] Snort doesn't understand pf (OpenBSD) format
leitao at ...12725...
Mon Nov 29 15:10:09 EST 2004
For weeks I have been trying to use Snort with pf (OpenBSD) logs on Linux, but
it didn't work. I broke my nose doing it. :(
I use snort-2.3.0RC1 on a 2.4.28 kernel. When I try to use it, an error
occurs; see:
leitao at ...12726...:~/snort/snort-2.3.0RC1/src$ cat snort.conf
log ip 192.168.0.0/24 any -> 192.168.0.0/24 any (msg: "Normal Logged Traffic"; \
leitao at ...12726...:~/snort/snort-2.3.0RC1/src$ ./snort -c snort.conf -l /tmp -r ~/tmp/pflog.2
Running in IDS mode
Log directory = /tmp
TCPDUMP file reading mode.
Reading network traffic from "/home/leitao/tmp/pflog.2" file.
snaplen = 1500
ERROR: OpenPcap() FSM compilation failed:
unknown data link type 117
PCAP command: (null)
Fatal Error, Quitting..
What is wrong with that? Does Snort understand the pf log format?
Any suggestions are welcome.
Async Open Source
(16) 3361 2331
São Carlos, SP
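The error above comes from the pcap savefile's global header, whose link-layer type field is 117 (libpcap's LINKTYPE_PFLOG, the OpenBSD pf log encapsulation); the rule file and the kernel are not involved. The following small parser, an added example and not part of the original post or of Snort, reads that header field and names the link type so a file can be triaged before it is handed to an IDS. The LINKTYPES table is a subset of libpcap values I am certain of; make_pcap_header builds a constructed header for offline testing.

```python
import struct
import sys

# pcap savefile link-layer types (libpcap LINKTYPE_* values). A subset I am
# certain of; 117 is the value Snort reported as unknown in the post above.
LINKTYPES = {
    0: "NULL (BSD loopback)",
    1: "ETHERNET",
    9: "PPP",
    101: "RAW (raw IP, no link header)",
    105: "IEEE802_11",
    113: "LINUX_SLL",
    117: "PFLOG (OpenBSD pf log)",
}

# The first 4 bytes, read as little-endian, reveal the file's byte order.
PCAP_MAGICS = {
    0xA1B2C3D4: "<",  # little-endian savefile
    0xD4C3B2A1: ">",  # big-endian savefile (e.g. written on a big-endian BSD box)
    0xA1B23C4D: "<",  # little-endian, nanosecond timestamps
    0x4D3CB2A1: ">",  # big-endian, nanosecond timestamps
}


def read_pcap_linktype(data: bytes) -> dict:
    """Parse the 24-byte pcap global header; ValueError for non-pcap input."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header (24 bytes)")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in PCAP_MAGICS:
        # e.g. pf's text log or a pcapng file: not a libpcap savefile at all
        raise ValueError(f"not a libpcap savefile (magic 0x{magic:08x})")
    endian = PCAP_MAGICS[magic]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    return {"version": f"{major}.{minor}", "snaplen": snaplen,
            "linktype": linktype,
            "linktype_name": LINKTYPES.get(linktype, "unknown")}


def make_pcap_header(linktype: int, snaplen: int = 1500,
                     big_endian: bool = False) -> bytes:
    """Constructed pcap global header (no packets), for offline testing."""
    endian = ">" if big_endian else "<"
    return struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)


if __name__ == "__main__":
    # Usage: python pcap_linktype.py pflog.2
    with open(sys.argv[1], "rb") as fh:
        print(read_pcap_linktype(fh.read(24)))
```

Running it on a pflog savefile reports linktype 117 / PFLOG, which tells you the capture needs a reader that decodes the pflog header rather than a change to snort.conf.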