Snort mailing list archives

alerting to unixsocket


From: Jonas Sell <jonas.sell () johnassel de>
Date: Sat, 15 Oct 2016 22:17:19 +0200

Hi,
I'm trying to get snort to use a unix socket for alerting. I enabled the
output to a unix socket using "output alert_unixsock" in
/etc/snort/snort.conf and created a python script which creates the
socket in /var/log/snort/snort_alert.
I created a test rule which detects ICMP packets and creates an alert.
In the log I can see that snort actually is alerting, but the socket
stays empty. Are there any other configuration options which have to be
set? Where could the problem be?

This is my config (on CentOS 7):
script: https://nopaste.me/view/edb12ac0
/etc/snort/snort.conf: https://nopaste.me/view/e3381831
/etc/sysconfig/snort: https://nopaste.me/view/7628e07d

Thanks,
Jonas Sell
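Added example (not part of Jonas's post or of Snort's own code): a Python receiver for the alert_unixsock output. Snort sends one SOCK_DGRAM datagram per alert to <logdir>/snort_alert, so the receiver has to bind that datagram socket before Snort starts. The field layout assumes Snort 2.9's struct Alertpkt as compiled on x86-64 Linux; build_alert() constructs a sample datagram in that layout so parse_alert() can be exercised without a running Snort.

```python
import os
import socket
import struct

SOCK_PATH = "/var/log/snort/snort_alert"  # Snort always uses <logdir>/snort_alert

# struct Alertpkt (Snort 2.9) on x86-64 Linux; assumes timeval = two 8-byte longs.
MSG_LEN = 256                      # alertmsg[256], NUL-terminated rule message
PKTH = struct.Struct("<qqII")      # pcap_pkthdr: ts.tv_sec, ts.tv_usec, caplen, len
OFFS = struct.Struct("<5I")        # dlthdr, nethdr, transhdr, data, val
PKT_OFF = MSG_LEN + PKTH.size + OFFS.size   # pkt[65535] starts here (300)
EVENT = struct.Struct("<7I4xqq")   # Event: 7 x uint32, pad, ref_time timeval
NOPACKET_STRUCT = 0x1              # val flag: no packet data attached


def parse_alert(dgram: bytes) -> dict:
    """Decode one alert_unixsock datagram (the Event sits at the very end)."""
    if len(dgram) < PKT_OFF + EVENT.size:
        raise ValueError("datagram too short for struct Alertpkt")
    msg = dgram[:MSG_LEN].split(b"\0", 1)[0].decode("latin-1")
    sec, usec, caplen, _ = PKTH.unpack_from(dgram, MSG_LEN)
    _, nethdr, _, _, val = OFFS.unpack_from(dgram, MSG_LEN + PKTH.size)
    gen, sid, rev, _, prio, _, _, _, _ = EVENT.unpack_from(dgram, len(dgram) - EVENT.size)
    pkt = b"" if val & NOPACKET_STRUCT else dgram[PKT_OFF:PKT_OFF + caplen]
    return {"msg": msg, "ts": sec + usec / 1e6, "caplen": caplen, "gid": gen,
            "sid": sid, "rev": rev, "priority": prio, "l3_offset": nethdr, "packet": pkt}


def build_alert(msg: bytes, sid: int, pkt: bytes, ts: int = 1476562639) -> bytes:
    """Constructed sample datagram in the same layout (test input, not Snort output)."""
    body = msg.ljust(MSG_LEN, b"\0")
    body += PKTH.pack(ts, 0, len(pkt), len(pkt))
    body += OFFS.pack(0, 14, 34, 42, 0)          # Ethernet/IP/ICMP header offsets
    body += pkt.ljust(65535, b"\0")
    body += b"\0" * (-len(body) % 8)             # compiler pads Event to 8 bytes
    body += EVENT.pack(1, sid, 1, 0, 3, 7, 0, ts, 0)   # gid 1, rev 1, priority 3
    return body


def serve(path: str = SOCK_PATH) -> None:
    """Bind the datagram socket before Snort starts; Snort only sendto()s it."""
    if os.path.exists(path):
        os.unlink(path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.bind(path)
        os.chmod(path, 0o660)                    # Snort's run-as user must write here
        while True:
            a = parse_alert(sock.recv(1 << 17))  # whole Alertpkt fits in one datagram
            print(f"{a['ts']:.6f} [{a['gid']}:{a['sid']}:{a['rev']}] {a['msg']} prio={a['priority']} caplen={a['caplen']}")
```

Call serve() as the user Snort drops privileges to, then start Snort; each hit on the ICMP test rule prints one line.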

