[Snort-users] yet another unix socket question...

Fyodor fygrave at ...121...
Sun Jan 13 05:26:03 EST 2002

On Sat, Jan 12, 2002 at 01:38:43PM -0500, Dr. Richard W. Tibbs wrote:
> Dear list :
> After searching the archives (and finding a few postings; thanks to 
> Fyodor) I am still not able to figure out my problem.  I am trying to 
> write a receiver socket program to use with snort using the output alert 
> to unixsock facility.
> The attached code snippet fails upon the bind command, with errno 98.
> I have debugged the code in kdb and the myname struct looks fine, as 
> does the sock variable.
> Any idea what is wrong ?
> Thanks in advance....

>   sock = socket(AF_UNIX, SOCK_DGRAM, 0);
>   if (sock < 0) {
>     printf("socket failure %d\n", errno);
>     exit(1);
>   }
>   myname.sa_family = AF_UNIX;
>   strcpy(myname.sa_data, "/tmp/somefile");

How is myname declared? Definitely not as sockaddr_un, I'd suppose. With
sockaddr_un you'd do:
  strcpy(snortaddr.sun_path, UNSOCK_FILE);

(and UNSOCK_FILE would be where snort will be sending alerts):

#ifndef WIN32
    #define DEFAULT_LOG_DIR            "/var/log/snort"
    #define DEFAULT_DAEMON_ALERT_FILE  "alert"
    #define UNSOCK_FILE                "/dev/snort_alert"
#else
    #define DEFAULT_LOG_DIR            "log"
    #define DEFAULT_DAEMON_ALERT_FILE  "log/alert.ids"
    #define UNSOCK_FILE                "snort_alert"
#endif  /* WIN32 */

check out:
