Hello Guys, I am having trouble with snort understanding the pf log format. Can Erkin Acar says that snort understands the pf format, see http://www.onlamp.com/pub/a/bsd/2004/05/06/pf_developers.html?page=3, but it didn't work for me, see:
[EMAIL PROTECTED]:~/snort/snort-2.3.0RC1/src$ cat snort.conf
log ip 192.168.0.0/24 any -> 192.168.0.0/24 any (msg: "Normal Logged Traffic"; \
    priority: 0;)
You have new mail in /var/mail/leitao
[EMAIL PROTECTED]:~/snort/snort-2.3.0RC1/src$ ./snort -c snort.conf -l /tmp -r ~/tmp/pflog.2
Running in IDS mode
Log directory = /tmp

TCPDUMP file reading mode.
Reading network traffic from "/home/leitao/tmp/pflog.2" file.
snaplen = 1500

ERROR: OpenPcap() FSM compilation failed:
        unknown data link type 117
PCAP command: (null)
Fatal Error, Quitting..

Anthem is a linux machine, and the pflog comes from an OpenBSD 3.5. I really can't make it work. Does anyone know if snort really understands the pflog?

Any suggestion will be welcome.

Thank you

Cheers

Breno H. Leitão
http://lcr.icmc.usp.br/~leitao
--
Async Open Source
(16) 3361 2331
São Carlos, SP
Brasil
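The error above comes from snort checking the link-layer type recorded in the capture's pcap global header; 117 is libpcap's DLT_PFLOG, the encapsulation written by OpenBSD's pflog(4) interface rather than Ethernet. The following script is an added example (not from the original post or from snort) that decodes that header and walks the records, so you can see what a file was captured as before feeding it to an IDS. The sample bytes are constructed here, not taken from pflog.2.

```python
import struct

# libpcap DLT_* values (libpcap's own numbering); 117 is DLT_PFLOG, the
# encapsulation OpenBSD's pflog(4) interface writes.
DLT_NAMES = {0: "DLT_NULL", 1: "DLT_EN10MB", 113: "DLT_LINUX_SLL", 117: "DLT_PFLOG"}
PCAP_MAGIC = 0xA1B2C3D4        # classic pcap magic, microsecond timestamps
GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16


def describe_capture(data: bytes) -> dict:
    """Decode a libpcap global header, then walk the packet records.

    Returns the link type (with its DLT name when known), the snaplen and
    the number of records; the link type is what snort's OpenPcap() checks
    before deciding whether it can decode the file.
    """
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("too short to be a pcap file")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"                      # written on a little-endian host
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"                      # written on a big-endian host
    else:
        raise ValueError("bad magic 0x%08x: not a libpcap file"
                         % struct.unpack("<I", data[:4])[0])
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    # Walk the records so a truncated or oversized record is reported too.
    count, off = 0, GLOBAL_HDR_LEN
    while off + RECORD_HDR_LEN <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        if incl_len > snaplen or off + RECORD_HDR_LEN + incl_len > len(data):
            raise ValueError("record %d truncated or exceeds snaplen" % count)
        off += RECORD_HDR_LEN + incl_len
        count += 1
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "linktype_name": DLT_NAMES.get(linktype, "unknown"), "packets": count}


# Constructed sample: a little-endian pcap header with DLT 117, snaplen 1500
# and one 8-byte dummy record (not a real pflog packet), mirroring the
# header of the file snort refused above.
SAMPLE_PFLOG_PCAP = (struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 1500, 117)
                     + struct.pack("<IIII", 1100000000, 0, 8, 8) + b"\x00" * 8)

if __name__ == "__main__":
    info = describe_capture(SAMPLE_PFLOG_PCAP)
    print("link type %d (%s), %d packet(s)"
          % (info["linktype"], info["linktype_name"], info["packets"]))
```

Run it against pflog.2 with `describe_capture(open("pflog.2", "rb").read())`; a reported link type of 117 confirms the capture is in pflog encapsulation rather than the Ethernet framing the IDS expected.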