[Snort-users] Unix sockets
Dr. Richard W. Tibbs
ccamp at ...4532...
Mon Jun 3 07:34:05 EDT 2002
Sounds about right to me. I have used the socket facility on both Linux
On Linux, /dev/yadda is fine, but of course on Win2k a different
approach is used.
Not familiar with Darwin.
Nick Zitzmann wrote:
> Is anyone out there using Snort's Unix socket output mode?
> I've been working on a small application that opens up a Unix socket,
> waits for Snort to send something to the socket, and then parses the
> contents of the alert to display to the user. It works great, however,
> I did have to make a change to snort.h to get it to work. In snort.h,
> Snort uses the path "/dev/snort_alert" for the socket. I guess that
> may work in Linux (not sure), but putting sockets into the /dev
> directory isn't allowed in my operating system (Darwin) even if the
> program making the socket is executed by root.
> So I changed this to "/var/log/snort/snort_alert" and all seems well.
> Is this consistent with anyone else's experiences, or is it just me...?
> Nick Zitzmann
> ICQ: 22305512
> Check out my software page: http://homepage.mac.com/nickzman/
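A listener of the kind discussed in this thread, as an added example that is not code from either poster or from Snort: it binds a datagram Unix socket at a chosen path, refuses a world-writable parent directory, creates the socket file owner-only, and extracts the alert text. Assumptions: the path is the one Nick changed to, Snort sends each alert as one datagram whose first 256 bytes hold a NUL-terminated message, the listener runs as the same user as Snort (or Snort runs as root), and the function names are hypothetical.

```python
import os
import socket
import stat

# Assumption: length of the message field at the start of each alert datagram.
ALERTMSG_LENGTH = 256


def open_alert_socket(path):
    """Bind a datagram Unix socket at `path`, writable only by its owner."""
    parent = os.path.dirname(path) or "."
    if os.stat(parent).st_mode & stat.S_IWOTH:
        # Any local user could pre-create or swap the socket file here.
        raise PermissionError(f"{parent} is world-writable; refusing to bind")
    try:
        # Clear a stale socket from an earlier run, but never another file type.
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
        else:
            raise FileExistsError(f"{path} exists and is not a socket")
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o177)  # socket file is created with mode 0600
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock


def alert_message(datagram):
    """Return the NUL-terminated text at the start of one alert datagram."""
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("datagram shorter than the message field")
    raw = datagram[:ALERTMSG_LENGTH].split(b"\0", 1)[0]
    # Alert text is untrusted input: replace undecodable bytes, do not fail.
    return raw.decode("ascii", errors="replace")


if __name__ == "__main__":
    # Path taken from the post above; adjust to match the Snort build.
    listener = open_alert_socket("/var/log/snort/snort_alert")
    while True:
        print(alert_message(listener.recv(65535)))
```

The listener has to be bound before Snort starts sending, and the path must match the one compiled into Snort.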