[Snort-users] Unix sockets

Dr. Richard W. Tibbs ccamp at ...4532...
Mon Jun 3 07:34:05 EDT 2002


Sounds about right to me. I have used the socket facility on both Linux 
and Win2K.
On Linux, /dev/yadda is fine, but of course on Win2K a different 
approach is used.
Not familiar with Darwin.
 >>>RWT

Nick Zitzmann wrote:

> Is anyone out there using Snort's Unix socket output mode?
>
> I've been working on a small application that opens up a Unix socket, 
> waits for Snort to send something to the socket, and then parses the 
> contents of the alert to display to the user. It works great, however, 
> I did have to make a change to snort.h to get it to work. In snort.h, 
> Snort uses the path "/dev/snort_alert" for the socket. I guess that 
> may work in Linux (not sure), but putting sockets into the /dev 
> directory isn't allowed in my operating system (Darwin) even if the 
> program making the socket is executed by root.
>
> So I changed this to "/var/log/snort/snort_alert" and all seems well. 
> Is this consistent with anyone else's experiences, or is it just me...?
>
> Nick Zitzmann
> ICQ: 22305512
>
> Check out my software page: http://homepage.mac.com/nickzman/
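The listener Nick describes (bind a Unix socket, wait for Snort's alert_unixsock output to send to it, parse the alert) as an added, self-contained example; this is not code from the thread or from Snort itself. It assumes the datagram Snort sends begins with a fixed 256-byte, NUL-terminated rule message (ALERTMSG_LENGTH in Snort's Alertpkt record) and treats everything after that as opaque bytes, and it uses Nick's "/var/log/snort/snort_alert" path rather than "/dev/snort_alert" since binding under /dev fails on Darwin. The demo datagram is constructed inline; the socket path is a temporary one so the example runs without Snort present.

```python
"""Unix-datagram listener for Snort's alert_unixsock output plugin (added example)."""
import os
import socket
import tempfile

# Assumption: Snort's Alertpkt starts with a 256-byte alertmsg buffer (ALERTMSG_LENGTH).
ALERTMSG_LENGTH = 256
# Nick's replacement for /dev/snort_alert; /dev does not accept socket files on Darwin.
DEFAULT_SOCKET_PATH = "/var/log/snort/snort_alert"


def open_alert_socket(path=DEFAULT_SOCKET_PATH):
    """Create and bind the datagram socket that Snort will sendto()."""
    if os.path.exists(path):
        os.unlink(path)  # stale socket file from a previous run would make bind() fail
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o077)  # socket file is created by bind(); keep it private
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    # Anyone who can write to this path can inject forged "alerts" into the display,
    # so restrict it to the uid Snort runs as (here: our own uid).
    os.chmod(path, 0o600)
    return sock


def parse_alertpkt(data):
    """Extract the rule message from the front of an alert_unixsock datagram.

    Only the leading fixed-size alertmsg buffer is decoded; the pcap header,
    offsets, packet bytes and event block that follow it are left opaque.
    """
    if len(data) < ALERTMSG_LENGTH:
        raise ValueError("short datagram: %d bytes" % len(data))
    raw_msg = data[:ALERTMSG_LENGTH]
    # Untrusted bytes: stop at the first NUL (or take the whole buffer if there
    # is none) and use a decoding that can never raise.
    msg = raw_msg.split(b"\x00", 1)[0].decode("latin-1")
    return {"msg": msg, "rest_len": len(data) - ALERTMSG_LENGTH}


def build_alert(msg, trailing):
    """Constructed test datagram in the assumed shape: padded alertmsg + opaque rest."""
    m = msg.encode("latin-1")[:ALERTMSG_LENGTH - 1]
    return m.ljust(ALERTMSG_LENGTH, b"\x00") + trailing


def receive_alert(sock, timeout=2.0, bufsize=65536):
    """Block for one datagram and return the parsed alert."""
    sock.settimeout(timeout)
    return parse_alertpkt(sock.recv(bufsize))


def demo():
    """Round trip: a fake Snort sends one constructed alert, the listener parses it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "snort_alert")
        server = open_alert_socket(path)
        client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        try:
            client.sendto(build_alert("ICMP PING NMAP", b"\x45\x00" * 20), path)
            return receive_alert(server)
        finally:
            client.close()
            server.close()


if __name__ == "__main__":
    print(demo())
```

If Snort drops privileges to its own user after startup, the socket file must be writable by that uid (chown it or run the listener as the same user) while still denying write access to everyone else; a world-writable socket lets any local user feed fabricated alerts to the operator.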