[Snort-users] What data does "-A unsock" really send?

Paul B. Poh paul at ...6438...
Fri May 9 11:13:12 EDT 2003


The data that is generated is in the form of an Alertpkt struct type. See 
src/output-plugins/spo_alert_unixsock.h for the gory details.

It is not an ASCII string.

Paul.

Emmanuel Guiton wrote:
> Hi!
> 
> Could someone tell me what exact data is sent on the unix socket using 
> "-A unsock"?
> Is it only the alert message such as "DDOS 
> Trin00\:DaemontoMaster(*HELLO*detected)"?
> Or are there also the timestamp, source and destination IPs/ports... 
> like when logging in a file?
> 
> Thanks,
> 
>          Emmanuel
> 
> 
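
As an added illustration (not part of the original thread and not Snort's own code), the following Python sketch decodes one binary Alertpkt datagram and recovers the message, timestamp, and IPv4 addresses/ports from the embedded packet. The field layout, flag values, and all sample data are assumptions and constructed values; verify the layout against the spo_alert_unixsock.h of the Snort build in use.

```python
import socket
import struct

# ASSUMED layout (the page does not show it; verify against the
# spo_alert_unixsock.h of your Snort build): alertmsg[256], a 16-byte
# capture header (ts_sec, ts_usec, caplen, len), five uint32 fields
# (dlthdr, nethdr, transhdr, data, val), then the raw packet bytes.
ALERTMSG_LENGTH = 256
FIXED = struct.Struct(f"={ALERTMSG_LENGTH}s4I5I")
NOPACKET_STRUCT = 0x1  # assumed flag in val: no packet attached
NO_TRANSHDR = 0x2      # assumed flag in val: no transport header


def parse_alertpkt(dgram: bytes) -> dict:
    """Decode the fixed prefix, then pull IPv4 addresses/ports from the packet."""
    if len(dgram) < FIXED.size:
        raise ValueError("datagram shorter than the fixed Alertpkt prefix")
    (msg, sec, usec, caplen, _wirelen,
     _dlt, net, trans, _data, val) = FIXED.unpack_from(dgram)
    alert = {"msg": msg.split(b"\0", 1)[0].decode("ascii", "replace"),
             "ts_sec": sec, "ts_usec": usec}
    pkt = dgram[FIXED.size:FIXED.size + caplen]
    # Offsets come from the sender; bounds-check before trusting them.
    if val & NOPACKET_STRUCT or len(pkt) < net + 20 or pkt[net] >> 4 != 4:
        return alert
    alert["src"] = socket.inet_ntoa(pkt[net + 12:net + 16])
    alert["dst"] = socket.inet_ntoa(pkt[net + 16:net + 20])
    is_l4 = pkt[net + 9] in (6, 17)  # TCP or UDP
    if is_l4 and not val & NO_TRANSHDR and net + 20 <= trans <= len(pkt) - 4:
        alert["sport"], alert["dport"] = struct.unpack_from("!HH", pkt, trans)
    return alert


def constructed_sample(val: int = 0) -> bytes:
    """Constructed datagram (Ethernet + IPv4 + UDP); all values are made up."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    pkt = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, 9999, 8, 0)
    msg = b"DDOS Trin00 (constructed sample)"
    return FIXED.pack(msg, 1052493192, 0, len(pkt), len(pkt),
                      0, 14, 34, 42, val) + pkt


if __name__ == "__main__":
    print(parse_alertpkt(constructed_sample()))
```

Anything that follows the captured packet bytes in the datagram is ignored by this sketch.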
