[Snort-devel] Snort with Unix domain socket
fygrave at ...1...
Thu Jan 4 04:13:13 EST 2001
On Wed, Jan 03, 2001 at 04:06:35PM -0500, Jean-Philippe Grenier wrote:
> I would like to know if someone got Snort working with the Unix domain
> For some reason, Snort isn't doing a bind in file log.c:526 in function
> OpenAlertSock(). So if UNSOCK_FILE ("/dev/snort_alert") doesn't exist, it
> won't be created.
It's actually your logging program which is supposed to create the /dev/snort_alert
file. When the unsock logging option is used, snort just tries to connect there.
If upon startup of snort /dev/snort_alert doesn't exist, snort will complain about it:
char *srv = UNSOCK_FILE;
ErrorMessage("WARNING: %s file doesn't exist or isn't writable!\n", srv);
Anyway, as soon as your 'logging' program creates /dev/snort_alert and starts 'listening' to
datagrams from the socket, all logs will be there. It was _AGES_ ago since the last time I played
with that, but if you need sample code - let me know :)
BTW, I wonder what code you were quoting, the code in log.c which is a part of snort, doesn't have
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
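
The listening side described in the reply above, as an added example that is not part of the original message and not Snort's own code: the logging program binds the datagram socket, so the path exists before the sensor tries to connect. The names open_alert_listener and read_alert are hypothetical, the alert payload is treated as opaque bytes because the thread does not describe its layout, and the owner-only socket mode assumes the sensor runs as the same user as the listener.

```c
#define _POSIX_C_SOURCE 200809L             /* lstat() and S_ISSOCK under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Create and bind the datagram socket the sensor later connects to.
 * Returns the listening fd, or -1 on error. */
int open_alert_listener(const char *path)
{
    struct sockaddr_un addr;
    struct stat st;
    mode_t old;
    int fd, rc;

    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;                          /* refuse a path that would be truncated */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    if (lstat(path, &st) == 0 && S_ISSOCK(st.st_mode))
        unlink(path);                       /* clear only a stale socket, never another file type */
    old = umask(0077);                      /* assumption: only the owner may write alerts */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);
    if (rc < 0) { close(fd); return -1; }
    return fd;
}

/* Block for one datagram; the payload is treated as opaque bytes. */
ssize_t read_alert(int fd, void *buf, size_t len)
{
    return recv(fd, buf, len, 0);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/snort_alert";
    unsigned char buf[65536];
    ssize_t n;
    int fd = open_alert_listener(path);

    if (fd < 0) { perror(path); return 1; }
    while ((n = read_alert(fd, buf, sizeof(buf))) >= 0)
        printf("alert datagram: %zd bytes\n", n);
    close(fd);
    return 0;
}
```

Start the listener before the sensor. If a regular file already sits at the path, bind() fails instead of the file being removed.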