fygrave at ...121...
Mon Sep 3 11:15:02 EDT 2001
On Sun, Sep 02, 2001 at 02:34:26PM -0400, Anupam Bansal wrote:
> I am trying to write rules so that I can directly send data to a socket.
> However, the documentation for the Alert_unixsock option as outlined in
> the documentation seems to be incomplete, since it does not include any
> specification of the socket number. What is the correct format for
> this option?
There's no socket number; all you need is to connect(2) a unix
SOCK_DGRAM socket to /dev/snort_alert (defined as UNSOCK_FILE in snort.h).
(I wrote a sample years ago; if you want, I could dig it up :))
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
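
A small receiver for the socket discussed above, as an added example (it is not the sample mentioned in the post and not Snort's own code). It assumes Snort's alert_unixsock output is the sending side, so the consumer bind()s the path, and that each datagram begins with a 256-byte NUL-padded message field; the temporary path and the sender in `demo()` are constructed.

```python
import os
import socket
import stat
import tempfile

ALERTMSG_LENGTH = 256  # assumption: size of the leading alertmsg[] field in Snort's Alertpkt

def open_alert_socket(path):
    """Bind the datagram socket Snort sends alerts to (Snort sends, this side receives)."""
    if os.path.lexists(path):
        # Only clear a stale socket from an earlier run; never unlink a regular file or symlink.
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o177)  # socket file is created 0600: other local users cannot inject alerts
    try:
        sock.bind(path)
    except OSError:
        sock.close()
        raise
    finally:
        os.umask(old_umask)
    return sock

def alert_message(datagram):
    """Return the NUL-terminated alert text at the start of one datagram."""
    return datagram[:ALERTMSG_LENGTH].split(b"\0", 1)[0].decode("ascii", errors="replace")

def read_alerts(sock, count, bufsize=65535):
    """Receive `count` datagrams; each recv() returns exactly one alert record."""
    return [alert_message(sock.recv(bufsize)) for _ in range(count)]

def demo():
    """Stand in for Snort with a constructed sender so the receiver runs offline."""
    path = os.path.join(tempfile.mkdtemp(), "snort_alert")  # path named in the post: /dev/snort_alert
    rx = open_alert_socket(path)
    tx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        for text in (b"constructed alert one", b"constructed alert two"):
            # Constructed record: padded message field plus filler for the rest of the struct.
            tx.sendto(text.ljust(ALERTMSG_LENGTH, b"\0") + b"\xff" * 64, path)
        return read_alerts(rx, 2)
    finally:
        tx.close()
        rx.close()
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

With the 0600 mode, Snort has to run as the same user as the receiver (or as root) to be able to send to the socket; the receiver must be started before Snort so the path exists.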