On 2008/11/19 13:48, Russell Fulton wrote: > Does anyone have any suggestions as to how we can get data in pf log > files into pcap files that can be read (and filtered) on other > systems.
the packets have a "struct pfloghdr" header as described in pflog(4); this could be chopped off. I'm not aware of existing software that does this, but it would be simple to code.
