[Snort-devel] Re: [Snort-users] Announce: FLoP-1.0 --- Fast Logging Project for snort

Jason Ish jason at ...341...
Wed Dec 3 08:45:04 EST 2003


> I think this all sounds very very cool.  I've been hoping that someone 
> would make use of domain sockets for logging and alerting for quite 
> some time.  The obvious question is what to do about Windows.  AT&T 
> provides UWIN, and within the UWIN package is support for domain 
> sockets under Windows.  That's one approach.
> 
> http://www.research.att.com/sw/tools/uwin/
> 
> I think that the primary benefit of using a domain socket is that it 
> decouples alerting and logging from Snort entirely.  Regardless of 
> whether or not a database or files are used, decoupling the alerting 
> and logging mechanisms is something I'd like to see explored more 
> fully.

I have desired in the past for the ability to specify a domain socket
for the unified output plugins.  Maybe this would be a useful addition
for others as well (add unix socket support keeping a well known
logging format).  I may look into this.

> A domain socket allows for an application to "subscribe" (so to speak) 
> to the socket carrying the alerting or logging information.  Imagine 
> the possibilities if third party developers could more easily bolt 
> their output mechanisms onto Snort! :)

This would be cool as well.

- Jason



