Re: Unixsock plugin?

[Honia A <honia2002 () hotmail com>]

Thanks Dirk,

 

1) Currently I have the line "output alert_unixsock" added to my snort.conf file and this is the command I run: "snort 
-A unsock -c snort.conf ". Did you mean I have to delete the line from the snort.conf file and just run the command 
itself? 

2) You said I have to provide the unix domain socket so that snort can write to it, how can I do that?

 

Thanks again for your help,

Honia




 


 

> Date: Tue, 24 Nov 2009 08:29:42 +0100
> From: dirk () geschke-online de
> To: honia2002 () hotmail com
> CC: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Unixsock plugin?
>
> Hi Honia,
>
> > I have a question on how to use Snort unixsock plugin.
> >
> > 1) I followed the direction in the manual and added the line output alert_unixsock to snort.conf file. 
> >
> > 2) Then I run the snort command like this: snort -A unsock -c snort.conf and will start to get some output inside 
> > the terminal.
>
> note: the command line overwrites the output-plugin statement in 
> snort.conf. So with this options all alerts are written to the
> unix domain socket.
>
> > I was wondering if you could please let me know if I am doing this the right way or I am missing some steps? 
>
> That is the right way to activate the output to the unix domain socket.
>
> > If I am doing this the correct way, what is it supposed to happen ultimately? 
> The usual fault is: You have to provide the unix domain socket so
> that snort can write to it. Snort does not create the socket, so if
> there is no unix domain socket at all nothing will happen...
>
> Best regards
>
> Dirk
>
> -- 
> +----------------------------------------------------------------------+
> | Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding |
> | Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 |
> | dirk () geschke-online de / dirk () lug-erding de / kontakt () lug-erding de | 
> +----------------------------------------------------------------------+
                                          
_________________________________________________________________
Windows 7: It works the way you want. Learn more.
http://www.microsoft.com/Windows/windows-7/default.aspx?ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_WIN_evergreen:112009v2

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users