[Snort-users] Unix sockets

Nick Zitzmann nickzman at ...3027...
Sat Jun 1 15:08:03 EDT 2002


Is anyone out there using Snort's Unix socket output mode?

I've been working on a small application that opens up a Unix 
socket, waits for Snort to send something to the socket, and 
then parses the contents of the alert to display to the user. It 
works great, however, I did have to make a change to snort.h to 
get it to work. In snort.h, Snort uses the path 
"/dev/snort_alert" for the socket. I guess that may work in 
Linux (not sure), but putting sockets into the /dev directory 
isn't allowed in my operating system (Darwin) even if the 
program making the socket is executed by root.

So I changed this to "/var/log/snort/snort_alert" and all seems 
well. Is this consistent with anyone else's experiences, or is 
it just me...?

Nick Zitzmann
ICQ: 22305512

Check out my software page: http://homepage.mac.com/nickzman/





More information about the Snort-users mailing list