[Snort-devel] Snort with Unix domain socket

Fyodor fygrave at ...1...
Thu Jan 4 04:13:13 EST 2001


On Wed, Jan 03, 2001 at 04:06:35PM -0500, Jean-Philippe Grenier wrote:
> I would like to know if someone got Snort working with the Unix domain
> socket.
> 
> For some reason, Snort isn't doing a bind in file log.c:526 in function 
> OpenAlertSock(). So if UNSOCK_FILE ("/dev/snort_alert") doesn't exist, it
> won't be created.
> 

It's actually your logging program which is supposed to create the /dev/snort_alert
file; when the unsock logging option is used, snort just tries to connect there.
If upon startup of snort /dev/snort_alert doesn't exist, snort will complain about it:

void OpenAlertSock()
{
    char *srv = UNSOCK_FILE;

    if(access(srv, W_OK))
    {
        ErrorMessage("WARNING: %s file doesn't exist or isn't writable!\n", srv);
    }

...
Anyway, as soon as your 'logging' program creates /dev/snort_alert and starts 'listening' to
datagrams from the socket, all logs will be there. It was _AGES_ ago that I last played
with that, but if you need some sample code, let me know :)


BTW, I wonder what code you were quoting; the code in log.c, which is a part of snort, doesn't have
bind :)

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1

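As an added example (not code from the original post and not Snort's own code), this is the shape of the "logging program" the reply describes: it creates the Unix datagram socket file itself, binds to it, and then just waits for datagrams, while the sender side does what Snort does, namely no bind(), only a connect() and a write. The socket path under /tmp is an assumption for the demo (Snort's default is /dev/snort_alert, which normally needs root to create), and the datagram payload is treated as opaque bytes; Snort's real alert record layout is not modelled here.

```c
/* Added example, not Snort's own code. Minimal unsock alert listener plus a
 * sender that mimics Snort: the listener creates and binds the socket file,
 * Snort only connect()s and writes. Build: cc -o alert_listener alert_listener.c */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Assumed path for the demo; Snort's default UNSOCK_FILE is /dev/snort_alert. */
#define DEMO_SOCK_PATH "/tmp/snort_alert_demo"
#define MAX_ALERT 65536

static int fill_sockaddr(struct sockaddr_un *sa, const char *path)
{
    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sa->sun_path) {   /* sun_path is small (~108 bytes) */
        errno = ENAMETOOLONG;
        return -1;
    }
    strcpy(sa->sun_path, path);
    return 0;
}

/* Listener side: create the datagram socket file Snort will write to.
 * Returns the fd, or -1 with errno set. */
int open_alert_listener(const char *path, mode_t mode)
{
    struct sockaddr_un sa;
    int fd;

    if (fill_sockaddr(&sa, path) < 0)
        return -1;
    unlink(path);                 /* a stale socket file makes bind() fail with EADDRINUSE */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    /* Snort's access(path, W_OK) check only passes if the file is writable by
     * the user Snort runs as; grant exactly that instead of a world-writable 0666. */
    if (chmod(path, mode) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Wait up to timeout_ms for one alert datagram.
 * Returns bytes read, 0 on timeout, -1 on error. */
ssize_t recv_alert(int fd, void *buf, size_t len, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int r = poll(&pfd, 1, timeout_ms);
    if (r <= 0)
        return r;
    return recv(fd, buf, len, 0);
}

/* Sender side, mirroring Snort: no bind(), just connect() the datagram socket to
 * the path and send. Returns 0 on success, -1 on error (ENOENT or ECONNREFUSED
 * when nobody has created the socket file yet). */
int send_alert(const char *path, const void *msg, size_t len)
{
    struct sockaddr_un sa;
    int fd, rc;

    if (fill_sockaddr(&sa, path) < 0)
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    rc = connect(fd, (struct sockaddr *)&sa, sizeof sa);
    if (rc == 0)
        rc = (send(fd, msg, len, 0) == (ssize_t)len) ? 0 : -1;
    close(fd);
    return rc;
}

/* Round trip with a constructed payload: listener first, then sender.
 * Returns 1 if the exact datagram arrived, 0 otherwise. */
int demo_check(const char *path)
{
    static const char msg[] = "constructed alert datagram";   /* not a real Snort record */
    char buf[MAX_ALERT];
    ssize_t n = -1;
    int fd = open_alert_listener(path, 0600);

    if (fd < 0)
        return 0;
    if (send_alert(path, msg, sizeof msg - 1) == 0)
        n = recv_alert(fd, buf, sizeof buf, 1000);
    close(fd);
    unlink(path);
    return n == (ssize_t)(sizeof msg - 1) && memcmp(buf, msg, n) == 0;
}

int main(void)
{
    int ok = demo_check(DEMO_SOCK_PATH);
    printf("%s\n", ok ? "alert received over unix datagram socket" : "round trip failed");
    return ok ? 0 : 1;
}
```

Start the listener before Snort, since Snort only checks the file once at startup; if the listener dies and leaves the socket file behind, the next run's unlink() handles the stale inode, and a sender hitting the path with no listener bound gets ECONNREFUSED rather than silently losing alerts.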