[Snort-users] Snort doesn't understand pf (OpenBSD) format

Matt Kettler mkettler at ...4108...
Mon Nov 29 16:08:04 EST 2004

At 06:27 PM 11/29/2004, Matt Kettler wrote:
> >     What is wrong with that? Does snort understand the pf log format?
>No, snort doesn't understand any textual log formats at all, including pf.

Self-correction: pflogd generates tcpdump binary files. So, theoretically, 
it should work with snort -r.

My mistake entirely.

However, looking around, pflogd files aren't exactly tcpdump files; they 
have (or at least had) a "pftcpdump" to read them in FreeBSD:



It's unclear if OpenBSD generates real tcpdump files that any ordinary 
tcpdump can read, or if they patched tcpdump to support them.
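The practical check behind this thread, as an added example that is not part of the original post: pflogd writes ordinary pcap files, but with link-layer type DLT_PFLOG (117) rather than Ethernet (1), so each record starts with a pf pseudo-header instead of an Ethernet frame. Any reader that assumes Ethernet (as snort -r does unless told otherwise) will misparse it. The script below reads the pcap global header to report the link type, and for pflog records strips the pseudo-header and locates the inner IP packet. Assumptions: the first 36 bytes of OpenBSD's pfloghdr are length, af, action, reason, ifname[16], ruleset[16]; the remaining fields vary by OpenBSD version, so they are skipped using the header's own length byte rather than decoded; PF_PASS=0 and PF_DROP=1. The sample capture is constructed inline, not real traffic.

```python
import struct

# pcap link-layer types relevant here (values from the libpcap LINKTYPE registry)
LINKTYPE_EN10MB = 1
LINKTYPE_PFLOG = 117

# Assumption (first 36 bytes of OpenBSD's struct pfloghdr): length, af, action,
# reason, ifname[16], ruleset[16]; later fields vary by version, so we skip
# past them with the header's own length byte instead of decoding them.
PFLOG_FIXED_LEN = 36
PF_ACTIONS = {0: "pass", 1: "drop"}   # PF_PASS / PF_DROP (assumed values)


def read_global_header(data):
    """Return (struct endian prefix, linktype) from a classic pcap global header."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # LE, usec / nsec
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # BE, usec / nsec
        endian = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    *_, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    return endian, linktype


def iter_records(data):
    """Yield raw packet bytes, one per pcap record."""
    endian, _ = read_global_header(data)
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + incl_len]
        if len(pkt) != incl_len:
            raise ValueError("truncated pcap record")
        off += incl_len
        yield pkt


def parse_pflog(pkt):
    """Strip the pflog pseudo-header; return its fixed fields plus the IP payload."""
    if len(pkt) < PFLOG_FIXED_LEN:
        raise ValueError("pflog record shorter than its fixed header")
    length, af, action, reason = struct.unpack("BBBB", pkt[:4])
    ifname = pkt[4:20].split(b"\x00", 1)[0].decode("ascii", "replace")
    # tcpdump word-aligns the declared length (BPF_WORDALIGN) before the IP header
    hdrlen = (length + 3) & ~3
    if hdrlen < PFLOG_FIXED_LEN or hdrlen > len(pkt):
        raise ValueError("implausible pflog header length %d" % length)
    return {"af": af, "action": PF_ACTIONS.get(action, "action%d" % action),
            "reason": reason, "ifname": ifname, "payload": pkt[hdrlen:]}


def summarize(data):
    """One dict per record: link type plus, for pflog, the pseudo-header and IPv4 endpoints."""
    _, linktype = read_global_header(data)
    out = []
    for pkt in iter_records(data):
        rec = {"linktype": linktype}
        if linktype == LINKTYPE_PFLOG:
            info = parse_pflog(pkt)
            ip = info.pop("payload")
            rec.update(info)
            rec["ip_version"] = ip[0] >> 4 if ip else None
            if rec["ip_version"] == 4 and len(ip) >= 20:
                rec["src"] = ".".join(map(str, ip[12:16]))
                rec["dst"] = ".".join(map(str, ip[16:20]))
        out.append(rec)
    return out


def build_sample_pflog_pcap():
    """Constructed sample: a little-endian pcap with one pflog record around a minimal IPv4 header."""
    ipv4 = (bytes([0x45, 0x00]) + struct.pack(">H", 20) + b"\x00\x00\x00\x00"
            + bytes([64, 6]) + b"\x00\x00" + bytes([10, 0, 0, 1]) + bytes([192, 0, 2, 1]))
    pfhdr = (bytes([PFLOG_FIXED_LEN, 2, 1, 0])   # length, AF_INET, PF_DROP, reason 0
             + b"pflog0".ljust(16, b"\x00") + b"".ljust(16, b"\x00"))
    pkt = pfhdr + ipv4
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_PFLOG)
    rhdr = struct.pack("<IIII", 0, 0, len(pkt), len(pkt))
    return ghdr + rhdr + pkt


if __name__ == "__main__":
    for rec in summarize(build_sample_pflog_pcap()):
        print(rec)
```

Run it against a real pflogd output file by replacing the constructed sample with `open(path, "rb").read()`; if `read_global_header` reports 117 rather than 1, the file is a valid pcap but not an Ethernet capture, which is the distinction the thread is circling around.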
