Re: Help with alert_unixsock issues

[Dirk Geschke <Dirk_Geschke () genua de>]

Hi James,

> I am experimenting with the alert_unixsock function.
>
> I have had a read of the code and it suggests to me that a socket called 
> snort_alert should be created in the log directory (/var/log/snort).
>
> The socket seems not to be automatically created and I see the error:
>
> /var/log/snort/snort_alert file doesn't exist or isn't writeable!
>
> when I start Snort.
>
> Can anyone shed any light on this?  I would have thought the socket 
> would have been created automatically?  Is there syntax for the output 
> plug-in that I am missing?

that is easy: One process has to provide the unix socket and one process
writes to it. Snort does not provide a socket so you have to write a
progam which creates this unix sockets and reads from it.

Snort will then write all alerts to this socket...

Best regards

Dirk



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users