[Snort-users] Alert_unixsock

Fyodor fygrave at ...121...
Tue Sep 4 14:23:01 EDT 2001


On Wed, Sep 05, 2001 at 04:08:39AM +0700, Fyodor wrote:
 
> #include "snort.h"
> 
> ...
> 
> struct sockaddr_un snortaddr;
> struct sockaddr_un bogus;
> struct Alertpkt alert;
> 
> sockfd = socket(AF_UNIX, SOCK_DGRAM, 0);
> 
> bzero(&servaddr, sizeof(snortddr));
> snortddr.sun_family = AF_UNIX;
> strcpy(snortaddr.sun_path, UNSOCK_FILE);
> 
> bind(sockfd, &snortaddr, sizeof(cliaddr));
                                  ^^^^ snortaddr of course (the bzero() lines above have the same slip: servaddr/snortddr should read snortaddr, and the recvfrom() below wants a pointer to a socklen_t holding sizeof(bogus) as its last argument, not the size itself). :-) (4am here ;p)


> 
> while (2) {
>     recvfrom(sockfd, &alert, sizeof(alert), 0, &bogus, sizeof(bogus));
>     [parse out alert structure here and do whatever you want with it:
>      the message will be in alert.alertmsg, raw packet data will be in
>      alert.pkt, and the offsets will be in alert.nethdr,
>      alert.transhdr, alert.dlthdr and alert.data. Check the length
>      returned by recvfrom() first and bounds-check those offsets
>      against it before indexing into alert.pkt -- a short or failed
>      read leaves alert partly stale]
> 
> }



