Snort mailing list archives

Re: unix socket connection with '-A unsock'


From: Dirk Geschke <dirk () geschke-online de>
Date: Sun, 15 Mar 2009 12:58:08 +0100

Hi Seo,

> I am trying to open unix socket with '-A unsock' option.

It is the other way: You need a program which provides the
unix socket so that snort can write to this. Every alert
is then written to this socket, take a look at the file

   src/output-plugins/spo_alert_unixsock.h

and there at the beginning the structure Alertpkt, this one
is written to the socket. So you need a process which creates
the unix domain socket and waits for packets of this format.

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk () geschke-online de / dirk () lug-erding de  / kontakt () lug-erding de | 
+----------------------------------------------------------------------+
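
A minimal receiver of the kind described in this reply, as an added example that is not part of the original message or of Snort's source. It assumes Snort sends one datagram per alert to a socket file named `snort_alert`, and that the Alertpkt structure starts with a 256-byte alert message field; check both against `spo_alert_unixsock.h` in your Snort version.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#define ALERTMSG_LENGTH 256   /* assumption: verify in spo_alert_unixsock.h */
#define MAX_DGRAM 65536       /* upper bound for one Alertpkt datagram */

/* Create and bind the datagram socket that Snort will write to. */
int open_alert_socket(const char *path)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int fd;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;                      /* path does not fit in sun_path */
    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    strcpy(addr.sun_path, path);
    unlink(path);                       /* remove a stale socket file */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receive one datagram, copy its leading message field into msg.
 * Returns the datagram length, or -1 on error or a short datagram. */
long read_alert(int fd, char *msg, size_t msglen)
{
    static unsigned char buf[MAX_DGRAM];
    ssize_t n = recv(fd, buf, sizeof(buf), 0);
    if (n < ALERTMSG_LENGTH || msglen == 0)
        return -1;
    snprintf(msg, msglen, "%.*s", ALERTMSG_LENGTH, (const char *)buf);
    return (long)n;
}

int main(int argc, char **argv)
{
    char msg[ALERTMSG_LENGTH + 1];
    /* assumption: default file name Snort uses inside its log directory */
    int fd = open_alert_socket(argc > 1 ? argv[1] : "snort_alert");
    if (fd < 0) { perror("open_alert_socket"); return 1; }
    while (read_alert(fd, msg, sizeof(msg)) >= 0)
        printf("alert: %s\n", msg);
    return 0;
}
```

Run it so that the socket exists at the path Snort writes to. The permissions on the socket file and its directory decide which local users can send datagrams to the receiver.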
