Snort mailing list archives
Re: Code to open SNORT Unix Domain Socket?
From: Dirk Geschke <dirk () geschke-online de>
Date: Tue, 24 Nov 2009 07:43:59 +0100
Hi Frank,
I am trying to write some code (preferably in C) that opens the SNORT Unix Domain Socket interface and that successfully intercepts events from SNORT so down the road, that the events could be read by any other Unix Domain Socket-enabled software. Am not trying to reinvent the wheel here, so I thought I would ask you all if such code already exists.I thought Flop uses the domain socket as an interface between Snort and Flop.
yes and no. FLoP uses an unix domain socket to communicate with snort. But it is a slightly different, an own output plugin. The "normal" output plugin for the unix domain sockets misses some useful informations. The basic function to provide a unix domain socket and read vom it is still there. It is part of sockserv.c: ReadFromSocket(). Best regards Dirk PS: The actual version of FLoP is http://www.geschke-online.de/FLoP/src/FLoP-1.6.1.tar.gz -- +----------------------------------------------------------------------+ | Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding | | Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 | | dirk () geschke-online de / dirk () lug-erding de / kontakt () lug-erding de | +----------------------------------------------------------------------+ ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Code to open SNORT Unix Domain Socket? Honia A (Nov 18)
- Re: Code to open SNORT Unix Domain Socket? Frank Knobbe (Nov 23)
- Re: Code to open SNORT Unix Domain Socket? Dirk Geschke (Nov 23)
- Re: Code to open SNORT Unix Domain Socket? Frank Knobbe (Nov 23)