Thanks for the reply. snort can no longer read the pflog interface without some patch. Seems OBSD added some headers or some such in recent versions which causes snort to choke. I understand what you said about PF being in the kernel as well it's just that the snort team claims otherwise and I wanted to know if anyone else was doing it. o well.
|