Snort mailing list archives

Re: Alert_unixsock


From: Fyodor <fygrave () tigerteam net>
Date: Wed, 5 Sep 2001 04:26:08 +0700

On Wed, Sep 05, 2001 at 04:08:39AM +0700, Fyodor wrote:
 
#include "snort.h"
#include <sys/socket.h>
#include <sys/un.h>

...

int sockfd;
struct sockaddr_un snortaddr;
struct sockaddr_un bogus;
socklen_t boguslen;
struct Alertpkt alert;

sockfd = socket(AF_UNIX, SOCK_DGRAM, 0);

bzero(&snortaddr, sizeof(snortaddr));
snortaddr.sun_family = AF_UNIX;
strcpy(snortaddr.sun_path, UNSOCK_FILE);

bind(sockfd, &snortaddr, sizeof(cliaddr));
                                  ^^^^ snortaddr of course. :-) (4am here ;p)



while (2) {
    boguslen = sizeof(bogus);   /* recvfrom takes a pointer to the address length */
    recvfrom(sockfd, &alert, sizeof(alert), 0, (struct sockaddr *)&bogus, &boguslen);
    /* parse out the alert structure here and do whatever you want with it:
       the message is in alert.alertmsg, raw packet data is in alert.pkt,
       and the header offsets are in alert.dlthdr, alert.nethdr,
       alert.transhdr and alert.data */
}

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
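A fuller receiver along the lines of the sketch above, added here as an example and not Fyodor's code: alert_rec is a simplified stand-in for Snort's Alertpkt (an assumption, the real layout comes from Snort's own header), bind and recvfrom carry the casts and length pointer the sketch glosses over, and each datagram's header offsets are bounds-checked before use, since a consumer that trusts them blindly will index past pkt[].

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#define MSG_LEN 256
#define SNAP_LEN 1514

/* Simplified stand-in for Snort's Alertpkt: mirrors only the fields named in the post. */
struct alert_rec {
    char msg[MSG_LEN];                           /* alert text, NUL-terminated */
    unsigned int pktlen;                         /* bytes valid in pkt[] */
    unsigned int dlthdr, nethdr, transhdr, data; /* header offsets into pkt[] */
    unsigned char pkt[SNAP_LEN];
};

/* Validate a datagram of nread bytes: terminated message, offsets ordered and inside pkt[]. */
int alert_is_sane(const struct alert_rec *a, size_t nread)
{
    size_t hdr = offsetof(struct alert_rec, pkt);
    if (nread < hdr || a->pktlen > SNAP_LEN || hdr + a->pktlen > nread) return 0;
    if (memchr(a->msg, '\0', MSG_LEN) == NULL) return 0;
    return a->dlthdr <= a->nethdr && a->nethdr <= a->transhdr && a->transhdr <= a->data && a->data <= a->pktlen;
}

/* Build a constructed (not captured) record with the given offsets and run the check on it. */
int check_sample(unsigned int net, unsigned int trans, unsigned int data, unsigned int pktlen)
{
    struct alert_rec a = { "SAMPLE rule hit", pktlen, 0, net, trans, data };  /* pkt[] zeroed */
    return alert_is_sane(&a, offsetof(struct alert_rec, pkt) + (pktlen < SNAP_LEN ? pktlen : SNAP_LEN));
}

int main(void)
{
    struct alert_rec a; struct sockaddr_un me, peer; socklen_t peerlen;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    memset(&me, 0, sizeof(me)); me.sun_family = AF_UNIX;
    strcpy(me.sun_path, "snort_alert");           /* UNSOCK_FILE in the post */
    unlink(me.sun_path);                          /* stale socket file from an earlier run */
    if (fd < 0 || bind(fd, (struct sockaddr *)&me, sizeof(me)) < 0) { perror("bind"); return 1; }
    for (;;) {
        peerlen = sizeof(peer);                   /* recvfrom needs a pointer to the length */
        ssize_t n = recvfrom(fd, &a, sizeof(a), 0, (struct sockaddr *)&peer, &peerlen);
        if (n < 0) { perror("recvfrom"); return 1; }
        if (!alert_is_sane(&a, (size_t)n)) continue;  /* drop a malformed record */
        printf("%s (net +%u, transport +%u, payload +%u)\n", a.msg, a.nethdr, a.transhdr, a.data);
    }
}
```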