Snort mailing list archives
retrieve IDS from unix sock
From: "Matteo" <matteo () genhome org>
Date: Mon, 02 Feb 2004 16:21:01 +0100
Hello all, I'm writing a little prog that read the data from the snort unisx dom socket and I need to retrieve, if it's presente, the cve code from the reference of the alert. I'm reading a structure like typedef struct _Event { u_int32_t sig_generator; u_int32_t sig_id; u_int32_t sig_rev; u_int32_t classification; u_int32_t priority; u_int32_t event_id; u_int32_t event_reference; struct timeval ref_time; } Event; /* alert socket code */ typedef struct _Snortpkt { u_int8_t alertmsg[ALERTMSG_LENGTH]; struct timeval ts; u_int32_t caplen; u_int32_t len; u_int32_t dlthdr; u_int32_t nethdr; u_int32_t transhdr; u_int32_t data; u_int32_t val; #define NOPACKET_STRUCT 0x1 #define NO_TRANSHDR 0x2 u_int8_t pkt[SNAPLEN]; Event event; } Snortpkt; how could I obtain the CVE from here? Thankx all, --------------------------------------------------------------------- Matteo Poropat + homepage: http://www.genhome.org + software: http://www.genhome.org/genhome/soft_vari.html Fanzine "MEMORIE dal BUIO" + homepage: http://www.genhome.org/memoriedalbuio/default.html + mail list: http://it.groups.yahoo.com/group/memoriedalbuio ----------------------------------------------------------------------
Current thread:
- retrieve IDS from unix sock Matteo (Feb 02)