[Snort-devel] Snort with Unix domain socket

Jean-Philippe Grenier jgrenier at ...177...
Wed Jan 3 16:06:35 EST 2001


I would like to know if someone got Snort working with the Unix domain
socket.

For some reason, Snort isn't doing a bind in file log.c:526 in function 
OpenAlertSock(). So if UNSOCK_FILE ("/dev/snort_alert") doesn't exist, it
won't be created.

So after adding the bind call at line 539, 

    526 void OpenAlertSock()
    527 {
    528     char *srv=UNSOCK_FILE;
    529 
    530     bzero((char *)&alertaddr,sizeof(alertaddr));
    531     bcopy((const void *)srv,(void *)alertaddr.sun_path,strlen(srv)); /* we trust what we define */
    532     alertaddr.sun_family=AF_UNIX;
    533 
    534     if ((alertsd=socket(AF_UNIX,SOCK_DGRAM,0))<0)
    535     {
    536         FatalError("socket() call failed: %s", strerror(errno));
    537     }
    538 
    539     bind(alertsd, (struct sockaddr*) &alertaddr, SUN_LEN(&alertaddr));
    540 
    541 }


I have another program receiving from the socket and it is not getting
anything.

Can anyone help?
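
Added example, not part of the original post and not Snort code: with an AF_UNIX datagram socket, bind() is the call that creates the socket file, so the usual arrangement is that the receiving program binds the path and the sender only calls sendto() on it. DEMO_SOCK and the function names are made up for this demo.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#define DEMO_SOCK "/tmp/demo_snort_alert"  /* constructed path, not the post's UNSOCK_FILE */

static int dgram_sock(struct sockaddr_un *a, const char *path)
{
    memset(a, 0, sizeof(*a));                             /* start from a clean address */
    a->sun_family = AF_UNIX;
    strncpy(a->sun_path, path, sizeof(a->sun_path) - 1);  /* bounded copy, stays NUL-terminated */
    return socket(AF_UNIX, SOCK_DGRAM, 0);
}

/* Receiver role: bind() creates the socket file. Returns the fd, or -errno if bind fails. */
int bind_path(const char *path)
{
    struct sockaddr_un a;
    int sd = dgram_sock(&a, path);
    if (sd < 0 || bind(sd, (struct sockaddr *)&a, sizeof(a)) == 0) return sd;
    int e = errno;                                        /* save before close() can change it */
    close(sd);
    return -e;
}

/* Sender role: no bind(), only sendto() the receiver's path. Returns bytes sent or -1. */
int send_alert(const char *path, const char *msg)
{
    struct sockaddr_un a;
    int sd = dgram_sock(&a, path);
    int n = (int)sendto(sd, msg, strlen(msg), 0, (struct sockaddr *)&a, sizeof(a));
    close(sd);
    return n;
}

int main(void)
{
    char buf[64] = {0};
    unlink(DEMO_SOCK);                            /* clear a stale file from an earlier run */
    int none  = send_alert(DEMO_SOCK, "alert");   /* nobody has bound the path yet */
    int rx    = bind_path(DEMO_SOCK);             /* receiver creates the socket file */
    int again = bind_path(DEMO_SOCK);             /* second bind on the same path */
    int sent  = send_alert(DEMO_SOCK, "alert");
    int got   = (int)recv(rx, buf, sizeof(buf) - 1, MSG_DONTWAIT);
    printf("no receiver=%d second bind=%d sent=%d received=%d (%s)\n", none, again, sent, got, buf);
    close(rx);
    return unlink(DEMO_SOCK);
}
```

The second bind_path() call shows the failure mode: once any process has bound the path, another bind() on it fails with EADDRINUSE, so only one side can own the socket file.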