[Snort-users] Unix sockets
nickzman at ...3027...
Sat Jun 1 15:08:03 EDT 2002
Is anyone out there using Snort's Unix socket output mode?
I've been working on a small application that opens up a Unix
socket, waits for Snort to send something to the socket, and
then parses the contents of the alert to display to the user. It
works great; however, I did have to make a change to snort.h to
get it to work. In snort.h, Snort uses the path
"/dev/snort_alert" for the socket. I guess that may work in
Linux (not sure), but putting sockets into the /dev directory
isn't allowed in my operating system (Darwin) even if the
program making the socket is executed by root.
So I changed this to "/var/log/snort/snort_alert" and all seems
well. Is this consistent with anyone else's experiences, or is
it just me...?
Check out my software page: http://homepage.mac.com/nickzman/
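
A minimal listener of the kind the message describes, as an added example (not the poster's application and not Snort's code). It assumes each alert arrives as one datagram on a socket the listener creates, and that the datagram begins with a 256-byte NUL-padded message field; the socket path is a parameter, the owner-only file mode is a hardening choice of this example, and the sample datagram is constructed.

```python
import os
import socket
import stat
import tempfile

ALERTMSG_LENGTH = 256  # assumption: size of the leading alert-text field

def open_alert_socket(path):
    """Bind a datagram Unix socket at path, accessible to its owner only."""
    try:
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)  # stale socket from an earlier run would block bind()
        else:
            raise RuntimeError(path + " exists and is not a socket")
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o177)  # socket file is created with mode 0600
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock

def read_alert(sock, bufsize=65535):
    """Receive one datagram; return (alert text, bytes after the text field)."""
    data = sock.recv(bufsize)
    text = data[:ALERTMSG_LENGTH].split(b"\x00", 1)[0]
    return text.decode("ascii", errors="replace"), data[ALERTMSG_LENGTH:]

def demo():
    """Send one constructed datagram to a listener in a temporary directory."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "snort_alert")
    listener = open_alert_socket(path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Constructed sample: NUL-padded message field plus 32 placeholder bytes.
    msg = b"ICMP PING (constructed sample)"
    sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sender.sendto(msg.ljust(ALERTMSG_LENGTH, b"\x00") + b"\xaa" * 32, path)
    text, rest = read_alert(listener)
    sender.close()
    listener.close()
    os.unlink(path)
    os.rmdir(workdir)
    return mode, text, len(rest)

if __name__ == "__main__":
    print(demo())
```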