Snort mailing list archives

Question about Snort Unix socket preprocessor


From: Yanyan Yang <toyyyang () yahoo com>
Date: Sat, 23 Aug 2003 20:48:21 -0700 (PDT)

Hello all,
 
I know that the Unix socket preprocessor is an experimental feature. I wrote a simple program that uses this feature to let 
Snort send alerts to the socket (snort_alert) and another program to read the alerts from this socket. 
 
However, when the number of alerts is very large (at least over thousands within a minute), the recvfrom( ) function call 
returns -1 with errno 22, which is "Invalid argument" (I use select( ) to listen to a couple of sockets). But I checked 
that all the arguments passed to recvfrom are valid.
 
Could anyone give me some help? I'd greatly appreciate any input!
 
Yanyan,
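
An added illustration, not code from the original post or from Snort: a reader of the kind the message describes, which binds an AF_UNIX datagram socket, waits with select(), and resets the recvfrom() address-length argument before every call because that argument is value-result. The socket path, the 256-byte alert-text prefix and the buffer size are assumptions.

```c
#include <errno.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define ALERTMSG_LEN 256    /* assumption: alert text is the first 256 bytes of a datagram */
#define MAX_DGRAM    65536  /* assumption: large enough to hold one alert datagram */

/* Bind a datagram socket at `path` (hypothetical path chosen by the caller). */
int open_alert_socket(const char *path) {
    struct sockaddr_un addr;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof addr.sun_path - 1);
    unlink(path);                          /* remove a stale socket file */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0) { close(fd); return -1; }
    return fd;
}

/* Wait up to timeout_ms for one datagram and copy its alert text into msg.
 * Returns 1 on alert, 0 on timeout, -1 on error (errno set). */
int read_alert(int fd, int timeout_ms, char *msg, size_t msglen) {
    static char buf[MAX_DGRAM];
    struct sockaddr_un from;
    if (msglen == 0) { errno = EINVAL; return -1; }
    for (;;) {
        fd_set rfds;                       /* select() modifies set and timeout: rebuild both */
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        int n = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return n;
        socklen_t fromlen = sizeof from;   /* value-result: reset before every call */
        ssize_t got = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fromlen);
        if (got < 0 && errno == EINTR) continue;
        if (got < 0) return -1;
        size_t take = (size_t)got < ALERTMSG_LEN ? (size_t)got : ALERTMSG_LEN;
        if (take >= msglen) take = msglen - 1;
        memcpy(msg, buf, take);
        msg[take] = '\0';                  /* sender's text may be unterminated */
        return 1;
    }
}
```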

