[Snort-users] RE: How to use -A unsock option

Fyodor fygrave at ...121...
Mon Aug 7 03:06:24 EDT 2000


~ :
~ :I am running snort on win32 because I don't want to have to "dumb down" a
~ :Linux box to just be a snort IDS appliance with no other services.  Snort


*ummm* [no comments] 


~ :
~ :Rather than monitoring the file "alert.ids" for changes, I would prefer to
~ :be able to have my VB application listen to snort using the --unsock option
~ :if I knew how to implement it.

The answer is: you probably won't be able to use it on windoze, unix
sockets are not supported by winsock as far as I know. As an alternative
solution you can give a try to use spo_log_database piece which would log
everything to loopback address, or you can use snortnet interface, but in
this case you will have to write (or port, if you want) snort console
yourself. :) You can use code at snortnet.scorpions.net as the sample
(and feel free to drop email if you have any questions as well ;-))





More information about the Snort-users mailing list