[Snort-users] Snort + LCD display

frenzy at ...9544... frenzy at ...9544...
Mon Jul 28 06:11:14 EDT 2003


I am using the socket option for on-the-fly alerts to other programs, and
it seems to work very well.

If you look in snortdir/src/output-plugins/spo_alert_unixsock.h, it lists
the format that the socket outputs data in. Just a note: if you're running
on BSD, you have to create the socket in your listener program; the snort
option doesn't create the socket itself.

Randy

http://www.frenzy.org
"Sed Quis Custodiet Ipsos Custodes?" -Juvenal






On Sat, 27 Jul 2003, Michael Boman wrote:

On Sun, 2003-07-27 at 01:06, eth wrote:
[snip]
> What Snort output system will be the best in this case (I prefer
> displaying alerts immediately)?
> Maybe any other solutions? Please help.

Hmm.. Would the (fairly undocumented) socket do it? Don't ask me how,
never used the socket option before but it might do what you want...
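
An added example, not part of the original messages: a minimal listener that creates the Unix datagram socket itself, as the reply above says is needed on BSD, and turns each alert into lines for a character LCD. The socket path, the 256-byte leading message field and the 20x4 display size are assumptions; check the field size against spo_alert_unixsock.h.

```python
import os
import socket
import sys

ALERTMSG_LENGTH = 256  # assumed size of the leading message field; verify in spo_alert_unixsock.h


def open_listener(path):
    """Create and bind the datagram socket ourselves instead of waiting for Snort to do it."""
    if os.path.exists(path):
        os.unlink(path)              # remove a stale socket left by a previous run
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o077)      # socket file usable by its owner only: run as Snort's user
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock


def extract_msg(datagram):
    """Return the NUL-terminated alert text from the start of one datagram."""
    field = datagram[:ALERTMSG_LENGTH].split(b"\x00", 1)[0]
    text = field.decode("latin-1")
    # Keep printable ASCII only so stray bytes cannot drive the display.
    return "".join(c if 32 <= ord(c) < 127 else "?" for c in text)


def lcd_lines(msg, cols=20, rows=4):
    """Wrap a message to a cols x rows character display, dropping the overflow."""
    return [msg[i:i + cols] for i in range(0, cols * rows, cols) if msg[i:i + cols]]


def serve(path):
    sock = open_listener(path)
    try:
        while True:
            datagram = sock.recv(65535)
            for line in lcd_lines(extract_msg(datagram)):
                print(line)          # replace with the write to the LCD device
    finally:
        sock.close()
        os.unlink(path)


if __name__ == "__main__":
    # Path is an assumption: point it at the socket your Snort instance writes to.
    serve(sys.argv[1] if len(sys.argv) > 1 else "/var/log/snort/snort_alert")
```

Start the listener before Snort so the socket already exists when Snort begins sending alerts.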


