[FUG-BR] Parsing the pf log with snort
Rudolfo rosa
rudolforosa at gmail.com
Monday August 28 20:54:19 BRT 2006
Folks, I installed snort from ports, default conf. When snort sniffs the
pf log it does not identify the protocols =(.
Does anyone know why this happens??
snort -o -s -r ~root/pflog.9
===============================================================================
Snort processed 27812 packets.
===============================================================================
Breakdown by protocol:
TCP: 0 (0.000%)
UDP: 0 (0.000%)
ICMP: 0 (0.000%)
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
FRAG: 0 (0.000%)
OTHER: 27812 (100.000%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
===============================================================================
Snort received 1067 packets
Analyzed: 1067(100.000%)
Dropped: 0(0.000%)
===============================================================================
Breakdown by protocol:
TCP: 1055 (98.875%)
UDP: 12 (1.125%)
ICMP: 0 (0.000%)
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
FRAG: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 103
LOGGED: 103
PASSED: 0
===============================================================================
Thanks, Rudolfo.
Local:
snort -o -s
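A first check when every packet of a dump lands in OTHER is the link-layer type recorded in the file's pcap header: pflog dumps are written with DLT_PFLOG (117), not Ethernet (1), so each record starts with a pf-specific header that the decoder has to strip before it reaches IP. The script below is an added example, not from the thread or from Snort; the header layout and DLT values come from libpcap, the sample headers are constructed, and the file path passed to check_file is a placeholder for a real capture such as pflog.9.

```python
import struct

# Link-layer types from libpcap's DLT list that matter for this case.
DLT_NAMES = {
    1: "DLT_EN10MB (Ethernet)",
    117: "DLT_PFLOG (pf packet-filter log)",
}

# pcap global-header magic numbers: classic and nanosecond variants, both byte orders.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def pcap_linktype(header: bytes) -> int:
    """Return the link-layer type stored in a pcap file's 24-byte global header."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    endian = MAGICS.get(header[:4])
    if endian is None:
        raise ValueError("not a libpcap file (magic %s)" % header[:4].hex())
    # Fields: magic, version_major, version_minor, thiszone, sigfigs, snaplen, network
    _, major, minor, _, _, _, network = struct.unpack(endian + "IHHiIII", header[:24])
    if (major, minor) != (2, 4):
        raise ValueError("unexpected pcap version %d.%d" % (major, minor))
    return network

def describe_linktype(linktype: int) -> str:
    """Explain what a decoder will see in front of the IP packet for this link type."""
    name = DLT_NAMES.get(linktype, "DLT %d" % linktype)
    if linktype == 1:
        return "%s: frames start with an Ethernet header, the usual case" % name
    if linktype == 117:
        return "%s: each record starts with a pflog header that must be stripped before IP" % name
    return "%s: the decoder must support this type or nothing gets classified" % name

def check_file(path: str) -> str:
    """Read only the 24-byte global header of a capture file and report its link type."""
    with open(path, "rb") as f:
        return describe_linktype(pcap_linktype(f.read(24)))

def build_header(linktype: int, endian: str = "<") -> bytes:
    # Constructed sample header (pcap v2.4, snaplen 65535); not a real pflog file.
    return struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)

if __name__ == "__main__":
    for lt in (117, 1):  # run check_file("/path/to/pflog.9") on a real dump instead
        print(describe_linktype(pcap_linktype(build_header(lt))))
```

If the dump reports DLT_PFLOG while the live run that classified TCP/UDP correctly was on an Ethernet interface, the difference between the two outputs above is the link type, and the question becomes whether the Snort build in use decodes that pflog header format.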