Dear all, I installed snort via ports, default config. When snort sniffs the pf log it does not identify the protocols =(. Do you know why this happens?

snort -o -s -r ~root/pflog.9

===============================================================================
Snort processed 27812 packets.
===============================================================================
Breakdown by protocol:
TCP: 0 (0.000%)
UDP: 0 (0.000%)
ICMP: 0 (0.000%)
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
FRAG: 0 (0.000%)
OTHER: 27812 (100.000%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================

===============================================================================
Snort received 1067 packets
Analyzed: 1067(100.000%)
Dropped: 0(0.000%)
===============================================================================
Breakdown by protocol:
TCP: 1055 (98.875%)
UDP: 12 (1.125%)
ICMP: 0 (0.000%)
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
FRAG: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 103
LOGGED: 103
PASSED: 0
===============================================================================

Thanks,
Rudolfo.

Local: snort -o -s