[Snort-devel] Snort with Unix domain socket

Todd Lewis tlewis at ...120...
Wed Jan 3 16:12:41 EST 2001


Is your question:

	- why doesn't snort create the socket?
or
	- when I have the socket, why doesn't it work?

If the latter, then take a look at what strace tells you.

--
Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz

On Wed, 3 Jan 2001, Jean-Philippe Grenier wrote:

> I would like to know if someone got Snort working with the Unix domain
> socket. 
> 
> For some reason, Snort isn't doing a bind in file log.c:526 in function 
> OpenAlertSock(). So if UNSOCK_FILE ("/dev/snort_alert") doesn't exist,
> it won't be created. 
> 
> So after adding the bind call at line 539, 
> 
>     526 void OpenAlertSock() 
>     527 { 
>     528     char *srv=UNSOCK_FILE; 
>     529 
>     530     bzero((char *)&alertaddr,sizeof(alertaddr)); 
>     531     bcopy((const void *)srv,(void *)alertaddr.sun_path,strlen(srv)); /* we trust what we define */ 
>     532     alertaddr.sun_family=AF_UNIX; 
>     533 
>     534     if ((alertsd=socket(AF_UNIX,SOCK_DGRAM,0))<0) 
>     535     { 
>     536         FatalError("socket() call failed: %s", strerror(errno));
>     537     } 
>     538 
>     539     bind(alertsd, (struct sockaddr*) &alertaddr, SUN_LEN(&alertaddr)); 
>     540 
>     541 } 
> 
> 
> I have another program receiving from the socket and it is not getting
> anything. 
> 
> Can anyone help? 
> 
> 
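Added example, not part of the original thread and not Snort's code: with AF_UNIX datagram sockets the socket file is created by bind(), which the receiving process calls, while a sender needs only sendto(). The sketch below shows both sides and the errno a sender gets before the receiver has bound, which is the kind of result strace would show on the sendto() call. The path DEMO_SOCK and the helpers fill_addr(), send_alert() and open_receiver() are hypothetical names chosen for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
/* Constructed demo path; the post's UNSOCK_FILE is "/dev/snort_alert". */
#define DEMO_SOCK "/tmp/unsock_demo_alert"

static void fill_addr(struct sockaddr_un *a, const char *path) {
    memset(a, 0, sizeof(*a));
    a->sun_family = AF_UNIX;
    strncpy(a->sun_path, path, sizeof(a->sun_path) - 1); /* stays NUL-terminated */
}

/* Sender: unbound socket + sendto(). Returns 0, or errno on failure. */
int send_alert(const char *path, const char *msg) {
    struct sockaddr_un to;
    int rc, sd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (sd < 0) return errno;
    fill_addr(&to, path);
    rc = sendto(sd, msg, strlen(msg), 0, (struct sockaddr *)&to, sizeof(to)) < 0 ? errno : 0;
    close(sd);
    return rc;
}

/* Receiver: bind() is what creates the socket file. Returns fd or -1. */
int open_receiver(const char *path) {
    struct sockaddr_un me;
    int sd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (sd < 0) return -1;
    fill_addr(&me, path);
    unlink(path); /* a stale file would make bind() fail with EADDRINUSE */
    if (bind(sd, (struct sockaddr *)&me, sizeof(me)) < 0) { close(sd); return -1; }
    return sd;
}

int main(void) {
    char buf[128] = {0};
    unlink(DEMO_SOCK);
    /* No receiver yet: sendto() fails with ENOENT. */
    printf("before bind: %s\n", strerror(send_alert(DEMO_SOCK, "x")));
    int rd = open_receiver(DEMO_SOCK);
    if (rd < 0) { perror("bind"); return 1; }
    printf("after bind:  %s\n", strerror(send_alert(DEMO_SOCK, "constructed alert")));
    if (recv(rd, buf, sizeof(buf) - 1, 0) > 0) printf("received: %s\n", buf);
    close(rd);
    return unlink(DEMO_SOCK);
}
```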




