[Snort-users] snort -A unsock feature
y.leikind at ...9017...
Fri Apr 25 08:37:14 EDT 2003
I am trying to use Snort's ability to write alerts to
For testing purposes I've written a single rule:
alert tcp any any -> MyIP 22 (msg:"Someone is using ssh to
connect to me";)
If I run snort like this:
snort -de -l log -h MyIP -c rule -A full
I get the alerts in the alert file in the ./log directory, if someone
connects to me via ssh.
But if I use
snort -de -l log -h MyIP -c rule -A unsock
and a simple script written in Ruby to listen to the socket:
file = "/dev/snort_alert"
sock = UNIXServer.open(file)
while s = sock.accept
p s.recvfrom(1) # or any number of bytes
I get nothing.
Has anyone used this feature?
"... 5 years from now everyone will be running free
GNU on their 200 MIPS, 64M SPARCstation-5."
Andy Tanenbaum to Linus Torvalds
in comp.lang.minix on Jan 1, 1992
More information about the Snort-users