[Snort-users] Snort doesn't understand pf (openbsd) format
mkettler at ...4108...
Mon Nov 29 16:08:04 EST 2004
At 06:27 PM 11/29/2004, Matt Kettler wrote:
> > What is wrong with that? Does snort understand the pf log format?
>No, snort doesn't understand any textual log formats at all, including pf.
Self correction: pflogd generates tcpdump binary files. So, theoretically,
it should work with snort -r.
My mistake entirely.
However, looking around, pflogd files aren't exactly tcpdump files. They
have (or at least had) a "pftcpdump" to read them in FreeBSD:
It's unclear if OpenBSD generates real tcpdump files that any ordinary
tcpdump can read, or if they patched tcpdump to support them.