[Snort-devel] Snort with Unix domain socket

Fyodor fygrave at ...1...
Thu Jan 4 11:40:05 EST 2001


On Thu, Jan 04, 2001 at 11:07:49AM -0500, Jean-Philippe Grenier wrote:
> Well the problem was obviously my logging program. I've forgot to 
> do an unlink("/dev/snort_alert"), so when I was calling bind, I 
> was getting a Connection Refused.
> 
> But I have an other question. Logging with the unix socket only
> seems to sends the alert msg, it does not send the network header
> information.

What do you mean by 'network header'? :) if you want to see whole packet,
I can modify code to send it as well. Originally I thought it might be
overhelming for you to parse it, but if you want.. ;-P

> I haven't seen an equivalent of PrintIPHeader(FILE *fp, Packet *p)
> for the unix socket, is there one ? 
> 

Uh? by design it logs you the data into unix socket, which you need to perform
logging (i.g. source, destination of original datagram, message etc), you don't
have IP datagram available there. even if you had, you'd have to parse out
whole datagram again to print it.

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1




More information about the Snort-devel mailing list