[Snort-users] snort and pflog

Zeus N/A switch79 at ...125...
Mon Sep 27 20:09:42 EDT 2004


I'm kinda new to snort, and trying to get it running on my OpenBSD 3.5
firewall, but it's not working right. If I read the documentation right, I
should be able to have snort listen on pflog0 and just capture and watch the
traffic that's rejected by my firewall, which is handy because snort isn't
then logging all the arp traffic that shows up on the line.

When I start snort with

	snort -i pflog0

nothing happens, and after ctrl-c I get this:

	Snort analyzed 105 out of 105 packets, dropping 0(0.000%) packets

	Breakdown by protocol:                Action Stats:
	   TCP: 0          (0.000%)          ALERTS: 0
	    UDP: 0          (0.000%)          LOGGED: 0
	   ICMP: 0          (0.000%)          PASSED: 0
	    ARP: 0          (0.000%)
	  EAPOL: 0          (0.000%)
	   IPv6: 0          (0.000%)
	    IPX: 0          (0.000%)
	  OTHER: 105        (100.000%)
	DISCARD: 0          (0.000%)

But if I use tcpdump I get to see all the packets and it works just fine.

I saw some posting in the archive of someone having the same problem back in
June, I think, but I couldn't find an answer to his posting that solves the
problem. I'd appreciate any type of help with this.
Thanks
