Snort mailing list archives

Re: Code to open SNORT Unix Domain Socket?


From: Dirk Geschke <dirk () geschke-online de>
Date: Tue, 24 Nov 2009 07:43:59 +0100

Hi Frank,

I am trying to write some code (preferably in C) that opens the SNORT
Unix Domain Socket interface and that successfully intercepts events
from SNORT so that, down the road, the events could be read by any
other Unix Domain Socket-enabled software.

Am not trying to reinvent the wheel here, so I thought I would ask you
all if such code already exists. 

I thought Flop uses the domain socket as an interface between Snort and
Flop.

Yes and no. FLoP uses a unix domain socket to communicate with
snort. But it is a slightly different one, its own output plugin. The
"normal" output plugin for the unix domain sockets misses some
useful information.

The basic function to provide a unix domain socket and read from
it is still there. It is part of sockserv.c: ReadFromSocket().

Best regards

Dirk

PS: The actual version of FLoP is 

       http://www.geschke-online.de/FLoP/src/FLoP-1.6.1.tar.gz

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk () geschke-online de / dirk () lug-erding de  / kontakt () lug-erding de | 
+----------------------------------------------------------------------+
