Snort mailing list archives
Re: Finding a Win32 Snort
From: Roelof JT Jonkman <roel () SiliconDefense com>
Date: Mon, 11 Mar 2002 13:39:21 -0800
Richard,
I looked at the IDScenter config panels today after installing on Win2K. It seems there is no socket logging facility available thru IDScenter. (i.e. like snort -A unsock ...)
I don't have a windows box handy to verify the following, however I scanned the source code quickly, and near as I know snort on windows should be able to use the unsock logging facility.
Would I need to use command line to use a socket program to capture packet data?
My guess is that IDScenter doesn't have the unsock facility as an option. I checked with Michael, and concluded that Snort on windows has the unsock alert facility. You need to make sure you create a pipe by the name of snort_alert (grep UNSOCK_FILE snort.h) that snort can write to.
Hope this helps.
Roel Jonkman
Security Engineer
http://www.SiliconDefense.com
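A minimal listener for the unsock alert output discussed in this message, as an added example that is not part of the original post and is not Snort or IDScenter code. It assumes a Unix-like host where Snort sends each alert as one datagram to a Unix-domain socket named snort_alert in its log directory, and that each datagram begins with a 256-byte NUL-padded alert message; the function names and the sample datagram are constructed for illustration.

```python
import os
import socket
import tempfile

ALERTMSG_LENGTH = 256        # assumed size of the leading alert-message field
SOCKET_NAME = "snort_alert"  # name given in the message above (UNSOCK_FILE)


def open_alert_socket(log_dir):
    """Bind the datagram socket the sensor writes to; do this before starting Snort."""
    path = os.path.join(log_dir, SOCKET_NAME)
    if os.path.exists(path):
        os.unlink(path)  # remove a stale socket file left by an earlier run
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, 0o600)  # restrict writers to the owning account (and root)
    return sock, path


def alert_message(datagram):
    """Return the NUL-terminated alert text at the start of one datagram."""
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("datagram shorter than the alert message field")
    raw = datagram[:ALERTMSG_LENGTH].split(b"\x00", 1)[0]
    return raw.decode("ascii", errors="replace")


def receive_one(sock, timeout=2.0):
    """Wait for one alert datagram and return its message text."""
    sock.settimeout(timeout)
    return alert_message(sock.recv(65535))


def demo():
    """Send one constructed datagram to the listener, standing in for the sensor."""
    with tempfile.TemporaryDirectory() as log_dir:
        listener, path = open_alert_socket(log_dir)
        # Constructed sample: padded message field followed by filler bytes.
        sample = b"ICMP PING NMAP".ljust(ALERTMSG_LENGTH, b"\x00") + b"\x00" * 64
        sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        try:
            sender.sendto(sample, path)
            return receive_one(listener)
        finally:
            sender.close()
            listener.close()


if __name__ == "__main__":
    print(demo())
```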