Snort mailing list archives
Re: Unixsock plugin?
From: Dirk Geschke <dirk () geschke-online de>
Date: Tue, 24 Nov 2009 08:29:42 +0100
Hi Honia,
I have a question on how to use Snort unixsock plugin. 1) I followed the direction in the manual and added the line output alert_unixsock to snort.conf file. 2) Then I run the snort command like this: snort -A unsock -c snort.conf and will start to get some output inside the terminal.
Note: the command line overwrites the output-plugin statement in snort.conf. So with this option all alerts are written to the unix domain socket.
I was wondering if you could please let me know if I am doing this the right way or I am missing some steps?
That is the right way to activate the output to the unix domain socket.
If I am doing this the correct way, what is it supposed to happen ultimately?
The usual fault is: You have to provide the unix domain socket so that snort can write to it. Snort does not create the socket, so if there is no unix domain socket at all nothing will happen...
Best regards
Dirk
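The point made in the reply above, as an added example that is not part of the original message or of Snort's own code: a minimal Python listener that creates the unix domain socket before Snort is started. It assumes the socket file is named snort_alert in Snort's log directory and that each datagram begins with a 256-byte NUL-padded alert message; check both against the headers of your Snort version.

```python
import os
import socket
import stat
import tempfile

SOCKET_NAME = "snort_alert"   # assumption: file name used by alert_unixsock
ALERTMSG_LENGTH = 256         # assumption: size of the leading message field

def open_alert_socket(log_dir, mode=0o600):
    """Create the datagram socket that Snort expects to find already present."""
    path = os.path.join(log_dir, SOCKET_NAME)
    # Remove only a stale socket; refuse to delete anything else at that path.
    try:
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
        else:
            raise RuntimeError(f"{path} exists and is not a socket")
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    # Only the owning account may write alerts; widen if Snort runs as another user.
    os.chmod(path, mode)
    return sock, path

def parse_alert_msg(datagram):
    """Return the NUL-terminated alert text at the start of a datagram."""
    field = datagram[:ALERTMSG_LENGTH]
    return field.split(b"\x00", 1)[0].decode("utf-8", errors="replace")

def receive_alerts(sock, count, timeout=5.0):
    """Read `count` datagrams and return their alert messages."""
    sock.settimeout(timeout)
    return [parse_alert_msg(sock.recv(65535)) for _ in range(count)]

def demo():
    """Send one constructed datagram to a listener in a temporary directory."""
    with tempfile.TemporaryDirectory() as log_dir:
        sock, path = open_alert_socket(log_dir)
        # Constructed sample: padded message field followed by filler bytes.
        text = b"ICMP test alert (constructed)"
        sample = text.ljust(ALERTMSG_LENGTH, b"\x00") + b"\xff" * 64
        sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        sender.sendto(sample, path)
        sender.close()
        alerts = receive_alerts(sock, 1)
        sock.close()
        return alerts
```

Start the listener first, then run Snort with its log directory pointing at the directory that holds the socket.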