[Snort-users] Finding a Win32 Snort

Roelof JT Jonkman roel at ...47...
Mon Mar 11 13:40:02 EST 2002


Richard,

> I looked at the IDScenter config panels today after installing on Win2K.
> It seems there is no socket logging facility available thru IDScenter.
> (i.e. like snort -A unsock ...)

I don't have a Windows box handy to verify the following, however I scanned
the source code quickly, and near as I know Snort on Windows should be able to
use the unsock logging facility.

> Would I need to use command line to use a socket program to capture 
> packet data?

My guess is that IDScenter doesn't have the unsock facility as an option.
I checked with Michael, and concluded that Snort on Windows has the
unsock alert facility. You need to make sure you create a pipe by
the name of snort_alert (grep UNSOCK_FILE snort.h) that Snort can
write to.

Hope this helps.

Roel Jonkman
Security Engineer
http://www.SiliconDefense.com
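
A receiver for the unsock facility discussed above, as an added example that is not part of the original message and is not Snort's own code. It assumes the behaviour of Unix builds (each alert arrives as one datagram on a Unix-domain socket named snort_alert in the log directory) and that the datagram starts with a 256-byte NUL-padded alert message; the helper names and the sample datagram are constructed for illustration.

```python
import os
import socket
import tempfile

ALERTMSG_LENGTH = 256  # assumed size of the leading alert message field in each datagram
SOCKET_NAME = "snort_alert"  # name given in the message above (UNSOCK_FILE)


def open_listener(log_dir):
    """Create the datagram socket Snort writes to; it must exist before Snort starts."""
    path = os.path.join(log_dir, SOCKET_NAME)
    if os.path.exists(path):
        os.unlink(path)  # a stale socket file from an earlier run blocks bind()
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, 0o600)  # only the owning account may write alerts to it
    return sock, path


def alert_message(datagram):
    """Return the alert text from the NUL-padded field at the start of a datagram."""
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("datagram shorter than the alert message field")
    field = datagram[:ALERTMSG_LENGTH]
    return field.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def demo():
    """Send one constructed datagram through the socket and parse it."""
    with tempfile.TemporaryDirectory() as log_dir:
        listener, path = open_listener(log_dir)
        listener.settimeout(2)
        # Constructed sample: message field, then filler standing in for packet data.
        sample = b"ICMP PING NMAP".ljust(ALERTMSG_LENGTH, b"\x00") + b"\xaa" * 64
        sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        sender.sendto(sample, path)
        sender.close()
        data, _ = listener.recvfrom(65535)
        listener.close()
        return alert_message(data)


if __name__ == "__main__":
    print(demo())
```

The 0600 mode means Snort has to run under the same account as the listener; loosen it only as far as the sensor's account requires.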




