[Snort-users] Alert_unixsock

Fyodor fygrave at ...121...
Mon Sep 3 11:15:02 EDT 2001


On Sun, Sep 02, 2001 at 02:34:26PM -0400, Anupam Bansal wrote:
> 
> Hi,
> 
> I am trying to write rules so that I can directly send data to a socket.
> However, the documentation for the Alert_unixsock option as outlined in
> the documentation seems to be incomplete, since it does not include any
> specification of the socket number. What is the correct format for
> this option ??
> 

There's no socket  number, all you need is to connect(2) unix socket
SOCK_DGRAM to /dev/snort_alert (defined as UNSOCK_FILE in snort.h)

(I wrote a sample years ago, if you want, I could dig it up :))

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1




More information about the Snort-users mailing list