Snort mailing list archives
Re: Snort and Unix-Socket
From: Phil Wood <cpw () lanl gov>
Date: Wed, 21 Nov 2001 19:02:16 -0700
On Thu, Nov 22, 2001 at 06:55:09AM +0700, Fyodor wrote:
> But after some tests and "googles" I think the plugin never send any data to

I actually got this to work, but to make it work in a general way I modified snort. Don't think my changes ever made it in. The change just allowed me to specify the file to use rather than the hard coded one in snort source.

But, assuming snort is doing the correct client thing, here is code that dumped out the alerts (as proof of concept):

--
Phil Wood, cpw () lanl gov
Attachment: unixsockd.c
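The attachment itself is not reproduced on this page. As an added example (not Phil Wood's unixsockd.c and not Snort's own code), here is a minimal C receiver that dumps alerts arriving on a UNIX socket. It assumes the sender uses a datagram socket and that each datagram starts with a 256-byte, NUL-padded alert message; the socket path is supplied on the command line.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

#define ALERTMSG_LENGTH 256 /* assumption: size of the leading message field */

/* Bind a datagram socket at `path`; returns the fd, or -1 on error. */
int open_alert_socket(const char *path)
{
    struct sockaddr_un addr;
    mode_t old;
    int fd, rc;

    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;                 /* refuse paths that would be truncated */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    unlink(path);                  /* clear a stale socket file from a prior run */
    old = umask(077);              /* socket file writable by its owner only */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);
    if (rc < 0) { close(fd); return -1; }
    return fd;
}

/* Receive one datagram and copy its alert text into `msg`, always
 * NUL-terminated. Returns the datagram length, or -1 on error. */
ssize_t read_alert(int fd, char *msg, size_t msglen)
{
    static char buf[65536];
    ssize_t n = recv(fd, buf, sizeof(buf), 0);
    size_t len;

    if (n < 0 || msglen == 0) return -1;
    len = (size_t)n < ALERTMSG_LENGTH ? (size_t)n : ALERTMSG_LENGTH;
    if (len > msglen - 1) len = msglen - 1;
    memcpy(msg, buf, len);
    msg[len] = '\0';               /* do not trust the sender to terminate */
    return n;
}

int main(int argc, char **argv)
{
    char msg[ALERTMSG_LENGTH + 1];
    int fd = argc == 2 ? open_alert_socket(argv[1]) : -1;
    if (fd < 0) { fprintf(stderr, "usage: %s <socket-path>\n", argv[0]); return 1; }
    while (read_alert(fd, msg, sizeof(msg)) >= 0)
        printf("alert: %s\n", msg);
    return 0;
}
```

Because the socket file is created with owner-only permissions, the sending process has to run as the same user as this receiver.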