Here is the result of some of my investigation:
1) There is a function DecodePflog in snort-2.4.5/src/decode.c and it
isn't actual for OpenBSD 4.0 pflog or it's just a mistake there.
2) In snort-2.4.5/src/decode.h describing pflog header struct isn't
actual for OpenBSD 4.0 pflog (just look at 'man pfl
On 2006/12/06 22:18, Alexander Zatserkovniy wrote:
> Olaf Schreck wrote:
> >> I'm novice with OpenBSD and , may be
> >> snort -i pflog0
> >> a kind of bad practice? Or it known problem with OpenBSD 4.0 ?
> >
> > Won't work. Although pflog does create pcap style output, it is not
> > data that wo
Olaf Schreck wrote:
>> I'm novice with OpenBSD and , may be
>> snort -i pflog0
>> a kind of bad practice? Or it known problem with OpenBSD 4.0 ?
>
> Won't work. Although pflog does create pcap style output, it is not
> data that would make sense to snort.
>
> Use real interfaces for snort (eg r
> I'm novice with OpenBSD and , may be
> snort -i pflog0
> a kind of bad practice? Or it known problem with OpenBSD 4.0 ?
Won't work. Although pflog does create pcap style output, it is not
data that would make sense to snort.
Use real interfaces for snort (eg rl0, fxp1, whatever).
ciao,
chak