[fwAnalog] Cross platform analysis (OpenBSD logs on Debian)?

From: Charlie Winckless (charles~AT~silvertyne.com)
Date: Tue Jun 03 2003 - 07:45:44 CEST

I skimmed over the archives and found nothing on this:

Has anyone else tried this? I think I'm running into some weird sort of tcpdump inconsistency - after mirroring the pflog output from the OpenBSD firewall on a more general purpose Debian box, I receive the following error:

tcpdump: unknown data link type 17

... and, obviously, get blank output from fwanalog.

Just wanted to check that I wasn't missing something totally obvious, and that what I should do is just do the analysis on the OpenBSD box and then move the output somewhere. :P

For reference, versions are:

OpenBSD 3.0
Debian (stable) (woody)
fwanalog 0.6.3
analog 5.32
tcpdump 3.6.2 (Debian)


Charlie Winckless | charles (at) silvertyne (dot) com
            "Time is an illusion. Lunchtime doubly so"
					-- Ford Prefect
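
Added example, not part of the original message: tcpdump takes the data link type from the 24-byte global header of the capture file, so decoding that header shows which link type the writer recorded before the file reaches fwanalog. The function names, the sample header and the READER_DLTS set are constructed for illustration; the names for 17 and 117 follow libpcap's DLT_OLD_PFLOG and DLT_PFLOG.

```python
import struct

# Magic numbers of the classic pcap savefile format (timestamp resolution).
MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}

# A few link-layer type values as named in libpcap; 17 is the value OpenBSD
# originally used for pflog (DLT_OLD_PFLOG), 117 the later DLT_PFLOG.
DLT_NAMES = {0: "NULL", 1: "EN10MB", 9: "PPP", 17: "OLD_PFLOG (OpenBSD)",
             113: "LINUX_SLL", 117: "PFLOG"}

def parse_pcap_header(data: bytes) -> dict:
    """Decode the 24-byte global header at the start of a pcap savefile."""
    if len(data) < 24:
        raise ValueError("truncated: pcap global header is 24 bytes")
    for order in ("<", ">"):            # the writer's byte order is not fixed
        (magic,) = struct.unpack(order + "I", data[:4])
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a pcap savefile (bad magic)")
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {"byte_order": "little" if order == "<" else "big",
            "timestamps": MAGICS[magic], "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}

def can_decode(data: bytes, reader_dlts: set) -> tuple:
    """Return (linktype, name, ok) for a file, given the reader's known DLTs."""
    lt = parse_pcap_header(data)["linktype"]
    return lt, DLT_NAMES.get(lt, "unknown"), lt in reader_dlts

# Constructed sample: header of a capture written with link type 17.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 17)
# Hypothetical set of link types the analysis host's tcpdump can decode.
READER_DLTS = {0, 1, 9, 113}

if __name__ == "__main__":
    print(parse_pcap_header(SAMPLE))
    print(can_decode(SAMPLE, READER_DLTS))
```

For a real capture, pass the first 24 bytes of the file to parse_pcap_header().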

