[Snort-devel] Unix socket patches

Nick Zitzmann dreamless at ...1522...
Thu Mar 6 06:59:09 EST 2003


I sent this a long time ago, and didn't get any responses, so maybe no 
one noticed.

I've enclosed patches here that correct two issues in the Unix socket 
output plugin. Here's what they do:

1. Moved the socket path out of /dev and into Snort's log directory 
(since many systems don't allow Unix sockets in /dev), and

2. Moved the Alertpkt data structure out of the C code and into the 
header file (so programs that use Unix sockets can more easily decode 
the packet data).

These were written for Snort 1.9, but they work with 2.0 as well.

Nick Zitzmann
AIM/iChat: dragonsdontsleep
Check out my software page: http://dreamless.home.attbi.com/

if (message.signature==FUNNY) steal(message.signature); else 
message=message->next;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unixsock_h_patch
Type: application/octet-stream
Size: 1101 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20030306/75905644/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unixsock_c_patch
Type: application/octet-stream
Size: 1545 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20030306/75905644/attachment-0001.obj>

