Snort mailing list archives

retrieve IDS from unix sock


From: "Matteo" <matteo () genhome org>
Date: Mon, 02 Feb 2004 16:21:01 +0100

Hello all,
I'm writing a little program that reads the data from the Snort unix domain socket, and I need to 
retrieve, if it's present, the CVE code from the reference of the alert.

I'm reading a structure like 

typedef struct _Event {
    u_int32_t sig_generator;    /* GID: 1 for rules, other values for preprocessors */
    u_int32_t sig_id;           /* SID of the rule that fired */
    u_int32_t sig_rev;          /* rule revision */
    u_int32_t classification; 
    u_int32_t priority;       
    u_int32_t event_id;       
    u_int32_t event_reference;  /* event_id of an earlier event (tagging), not a rule reference */
    struct timeval ref_time;    
} Event;

/* alert socket code */
typedef struct _Snortpkt {
    u_int8_t alertmsg[ALERTMSG_LENGTH]; /* rule msg text; ALERTMSG_LENGTH comes from Snort's headers */
    struct timeval ts;                  /* packet timestamp */
    u_int32_t caplen;                   /* bytes captured into pkt[] */
    u_int32_t len;                      /* length on the wire */
    u_int32_t dlthdr;                   /* offsets into pkt[] of link, network, transport header and payload */
    u_int32_t nethdr;          
    u_int32_t transhdr;        
    u_int32_t data;
    u_int32_t val;                      /* flag bits, see below */
#define NOPACKET_STRUCT 0x1             /* no packet data present */
#define NO_TRANSHDR    0x2              /* no transport header */
    u_int8_t pkt[SNAPLEN];              /* raw packet bytes; SNAPLEN comes from Snort's headers */
    Event event;
} Snortpkt;


How could I obtain the CVE from here?

Thanks all,

---------------------------------------------------------------------
Matteo Poropat
  + homepage:   http://www.genhome.org
  + software:   http://www.genhome.org/genhome/soft_vari.html

Fanzine "MEMORIE dal BUIO"
  + homepage:   http://www.genhome.org/memoriedalbuio/default.html
  + mail list:  http://it.groups.yahoo.com/group/memoriedalbuio
----------------------------------------------------------------------

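As an added example (not from the post above and not Snort's own code): the Event struct in the datagram carries only the generator, SID and revision of the rule, not its reference list, so the CVE has to be looked up by SID, for instance in the sid-msg.map that ships with the rules (lines of the form `sid || msg || ref || ref ...`, with CVE references written as `cve,YYYY-NNNN`). The C below copies one datagram into the same Snortpkt definition the sender uses, rejects anything that is not exactly sizeof(Snortpkt), and resolves the SID against a constructed map excerpt. ALERTMSG_LENGTH and SNAPLEN are assumed to be Snort's defaults of 256 and 1514, the map lines and the datagram are constructed for the demo, and the function names are mine.

```c
/* Added example, not from the post or from Snort: copy one alert_unixsock datagram
 * into the same Snortpkt struct the sender uses, then resolve the rule SID to a CVE
 * through a sid-msg.map style table. Sizes, map and datagram are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>

#define ALERTMSG_LENGTH 256   /* assumption: Snort's default */
#define SNAPLEN         1514  /* assumption: Snort's default */
typedef struct _Event {       /* uint32_t is the same size as Snort's u_int32_t */
    uint32_t sig_generator, sig_id, sig_rev, classification, priority;
    uint32_t event_id, event_reference;
    struct timeval ref_time;
} Event;

typedef struct _Snortpkt {            /* must match the sender's layout byte for byte */
    uint8_t alertmsg[ALERTMSG_LENGTH];
    struct timeval ts;
    uint32_t caplen, len, dlthdr, nethdr, transhdr, data, val;
    uint8_t pkt[SNAPLEN];
    Event event;
} Snortpkt;
/* Constructed sid-msg.map excerpt, format "sid || msg || ref || ref ..." */
static const char SAMPLE_SID_MSG_MAP[] =
    "# comment lines are skipped\n"
    "1000 || EXAMPLE rule with a CVE reference || cve,2003-0001 || bugtraq,7000\n"
    "1001 || EXAMPLE rule without a CVE reference || bugtraq,7001\n";
/* Map a rule SID to "CVE-YYYY-NNNN": 0 = found, 1 = no cve ref, -1 = SID unknown. */
int sid_to_cve(const char *map, uint32_t sid, char *out, size_t outlen)
{
    char buf[512];
    for (const char *line = map; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t full = eol ? (size_t)(eol - line) : strlen(line);
        size_t len = full < sizeof buf ? full : sizeof buf - 1;  /* clip overlong lines */
        memcpy(buf, line, len);
        buf[len] = '\0';
        line += eol ? full + 1 : full;
        char *end;
        unsigned long id = strtoul(buf, &end, 10);
        if (end == buf || id != sid) continue;           /* comment, blank or other SID */
        for (char *f = strstr(end, "||"); f; f = strstr(f, "||")) {
            for (f += 2; *f == ' '; f++) {}               /* skip separator and padding */
            if (strncmp(f, "cve,", 4) != 0) continue;    /* some other reference system */
            f += 4;
            const char *stop = strstr(f, "||");
            size_t n = stop ? (size_t)(stop - f) : strlen(f);
            while (n && (f[n - 1] == ' ' || f[n - 1] == '\r')) n--;
            snprintf(out, outlen, "%s%.*s", strncmp(f, "CVE-", 4) ? "CVE-" : "", (int)n, f);
            return 0;
        }
        return 1;
    }
    return -1;
}

/* The sender writes the raw struct: reject any datagram that is not exactly
 * sizeof(Snortpkt), since a short read would leave the event fields garbage. */
int parse_alert(const uint8_t *buf, size_t n, Snortpkt *out)
{
    if (n != sizeof(Snortpkt)) return -1;
    memcpy(out, buf, n);
    out->alertmsg[ALERTMSG_LENGTH - 1] = '\0';          /* never trust the terminator */
    return 0;
}

/* 0 = CVE written, 1 = rule has no CVE, -1 = SID unknown,
 * -2 = not a rules-engine event (generator != 1), -3 = malformed datagram. */
int alert_cve(const uint8_t *buf, size_t n, const char *map, char *cve, size_t cvelen)
{
    Snortpkt pkt;
    if (parse_alert(buf, n, &pkt) != 0) return -3;
    if (pkt.event.sig_generator != 1) return -2;         /* preprocessor events carry no rule SID */
    return sid_to_cve(map, pkt.event.sig_id, cve, cvelen);
}

/* Constructed datagram for the demo, not a real capture. */
size_t make_sample_alert(uint32_t sid, uint8_t *buf, size_t buflen)
{
    Snortpkt pkt;
    if (buflen < sizeof pkt) return 0;
    memset(&pkt, 0, sizeof pkt);
    snprintf((char *)pkt.alertmsg, ALERTMSG_LENGTH, "[1:%u:1] EXAMPLE rule", (unsigned)sid);
    pkt.event.sig_generator = 1;
    pkt.event.sig_id = sid;
    memcpy(buf, &pkt, sizeof pkt);
    return sizeof pkt;
}
static char demo_out[32];
/* Build a datagram for sid, drop `cut` trailing bytes, run the lookup; CVE lands in demo_out. */
int demo_status(uint32_t sid, size_t cut)
{
    uint8_t buf[sizeof(Snortpkt)];
    size_t n = make_sample_alert(sid, buf, sizeof buf);
    demo_out[0] = '\0';
    return alert_cve(buf, n - cut, SAMPLE_SID_MSG_MAP, demo_out, sizeof demo_out);
}
const char *demo_cve(uint32_t sid) { demo_status(sid, 0); return demo_out; }
```

For live alerts, bind an AF_UNIX SOCK_DGRAM socket at the path the unixsock output plugin sends to (snort_alert in the log directory by default) and hand each recv() result to alert_cve(); compile against the same snort.h the daemon was built from so that sizeof(Snortpkt) agrees on both sides, and load the real sid-msg.map instead of the excerpt.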