[Snort-users] yet another unix socket question...

Fyodor fygrave at ...121...
Sun Jan 13 05:26:03 EST 2002


On Sat, Jan 12, 2002 at 01:38:43PM -0500, Dr. Richard W. Tibbs wrote:
> Dear list :
> 
> After searching the archives (and finding a few postings; thanks to 
> Fyodor) I am still not able to figure out my problem.  I am trying to 
> write a receiver socket program to use with snort using the output alert 
> to unixsock facility.
> 
> The attached code snippet fails upon the bind command, with errno 98.
> I have debugged the code in kdb and the myname struct looks fine, as 
> does the sock variable.
> 
> Any idea what is wrong ?
> 
> Thanks in advance....

> 
> 
> 
>   sock = socket(AF_UNIX, SOCK_DGRAM, 0);
>   if (sock < 0) {
>     printf("socket failure %d\n", errno);
>     exit(1);
>   }
> 
>   myname.sa_family = AF_UNIX;
>   strcpy(myname.sa_data, "/tmp/somefile");

How is myname declared? Definitely not as sockaddr_un, I'd suppose. With
sockaddr_un you'd do:
  strcpy(snortaddr.sun_path, UNSOCK_FILE);

(and UNSOCK_FILE would be where snort will be sending alerts):


#ifndef WIN32
    #define DEFAULT_LOG_DIR            "/var/log/snort"
    #define DEFAULT_DAEMON_ALERT_FILE  "alert"
    #define UNSOCK_FILE                "/dev/snort_alert"
#else
    #define DEFAULT_LOG_DIR            "log"
    #define DEFAULT_DAEMON_ALERT_FILE  "log/alert.ids"
    #define UNSOCK_FILE                "snort_alert"
#endif  /* WIN32 */

check out:
http://www.ultraviolet.org/mail-archives/snort-users.2001/0666.html




