On Sunday 29 August 2004 00:10, Erik U. wrote:
> On FreeBSD 5.2.1.
>
> I installed pf from the ports, configured and ran it.
> I just get this error when trying to watch pf's logs:
>
> [root_at_nat] ~ $ tcpdump -n -e -ttt -r /var/log/pflog
> tcpdump: unknown data link type 117

prefix this with "pf" as:
[root_at_nat] ~ $ pftcpdump -n -e -ttt -r /var/log/pflog
and you should be fine.

> Why can't they just put the logs in text not in some damn binary..

It's not "some damn binary", it's a pcap file and it is used as it has *all* the
information and not just some obscure bits that the developer thought might be
interesting. The great benefit of this is the ability to pass the pflog-output
(more or less) unmodified to an IDS which usually needs more information than
most of the plain-text logs will give you.

--
/"\  Best regards,                      | mlaier_at_freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier_at_EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
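
An added example, not part of the original message or of pf: a minimal reader for the pcap format the reply describes, showing where link type 117 (DLT_PFLOG) sits in the file header and what each record carries ahead of the packet itself. The pfloghdr field layout and the 4-byte payload alignment are assumptions based on the original pf log header; the sample capture is constructed.

```python
import struct

DLT_PFLOG = 117                        # the "data link type 117" from the error
PF_ACTIONS = {0: "pass", 1: "block"}   # PF_PASS, PF_DROP

def read_pflog(data):
    """Return the pflog header fields of every record in a classic pcap image."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    # Global header: magic, version, thiszone, sigfigs, snaplen, link type.
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _usec, caplen, _wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        if len(pkt) < caplen or caplen < 20:
            break                      # truncated record, stop reading
        # Assumed pfloghdr prefix: length, af, action, reason, ifname[16].
        hdrlen, af, action, _reason = struct.unpack("BBBB", pkt[:4])
        ifname = pkt[4:20].split(b"\0", 1)[0].decode("ascii", "replace")
        # Assumed: the logged packet starts at hdrlen rounded up to 4 bytes.
        records.append({"ts": ts_sec, "af": af, "ifname": ifname,
                        "action": PF_ACTIONS.get(action, str(action)),
                        "payload": pkt[(hdrlen + 3) & ~3:]})
        off += 16 + caplen
    return records

def sample_pflog():
    """Constructed one-record capture: a block on fxp0 (not real log data)."""
    hdr = struct.pack("!BBBB16s16sIIB3x", 45, 2, 1, 0, b"fxp0", b"", 3, 0xFFFFFFFF, 1)
    pkt = hdr + b"\x45" + b"\x00" * 19   # placeholder 20-byte IPv4 header
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, DLT_PFLOG)
            + struct.pack("<IIII", 1093738200, 0, len(pkt), len(pkt)) + pkt)

if __name__ == "__main__":
    for rec in read_pflog(sample_pflog()):
        print(rec["ts"], rec["ifname"], rec["action"], len(rec["payload"]), "payload bytes")
```

The `payload` bytes are the captured packet itself, which is the part a plain-text log line would not preserve for an IDS.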
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:09 UTC