[Snort-devel] Question about snort alerts

Geries Handal stingddp99 at ...445...
Wed May 11 08:49:13 EDT 2005


Dear snort developers,

I like to know if there is any way to read real time alerts from snort. The 
purpose is because i want to try to write a module that will response to 
some attacks in certain way... For example if i detect a portscan, or a 
worm, etc. i want to send a command to a firewall or cisco router and block 
the attack. I was thinking of using unix domain socket option of snort, but 
i don't know if its the right way to go. Maybe you can help me giving me 
some documentation, tips, reference, etc, anything... tell me how can i 
access the socket using java, c/c++..  I don't want to use any plugins... i 
want to code it my self... directly accessing the socket.. thanks

I will really appreciate any help

Geries Handal

p.s. sorry for not sending the msg in html...thanks to Lamont R. Peterson  
for tip...

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/





More information about the Snort-devel mailing list