[Snort-devel] Re: [Snort-users] Announce: FLoP-1.0 --- Fast Logging Project for snort
jason at ...341...
Wed Dec 3 08:45:04 EST 2003
> I think this all sounds very very cool. I've been hoping that someone
> would make use of domain sockets for logging and alerting for quite
> some time. The obvious question is what to do about Windows. AT&T
> provides UWIN, and within the UWIN package is support for domain
> sockets under Windows. That's one approach.
> I think that the primary benefit of using a domain socket is that it
> decouples alerting and logging from Snort entirely. Regardless of
> whether or not a database or files are used, decoupling the alerting
> and logging mechanisms is something I'd like to see explored more
I have wished in the past for the ability to specify a domain socket
for the unified output plugins. Maybe this would be a useful addition
for others as well (add Unix socket support keeping a well-known
logging format). I may look into this.
> A domain socket allows for an application to "subscribe" (so to speak)
> to the socket carrying the alerting or logging information. Imagine
> the possibilities if third party developers could more easily bolt
> their output mechanisms onto Snort! :)
This would be cool as well.