[Snort-users] Help with alert_unixsock issues

James Turnbull james at ...13655...
Thu Dec 1 06:30:02 EST 2005


I am experimenting with the alert_unixsock function.

I have had a read of the code and it suggests to me that a socket called 
snort_alert should be created in the log directory (/var/log/snort).

The socket seems not to be automatically created and I see the error:

/var/log/snort/snort_alert file doesn't exist or isn't writeable!

when I start Snort.

Can anyone shed any light on this?  I would have thought the socket 
would have been created automatically?  Is there syntax for the output 
plug-in that I am missing?

Thanks in advance

James Turnbull

James Turnbull <james at ...13655...>
Author of Hardening Linux from Apress
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
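
An added example, not part of the original post and not Snort's own code: a minimal consumer that creates the `snort_alert` UNIX datagram socket itself before Snort starts. It assumes the output plug-in only sends to an already existing, writable socket, which is what the error text above points to. The function names, the `0o660` mode and the temporary directory standing in for /var/log/snort are all assumptions of the example.

```python
import os
import socket
import stat
import tempfile

SOCKET_NAME = "snort_alert"  # socket name quoted in the post


def open_alert_socket(log_dir, mode=0o660):
    """Bind a UNIX datagram socket at <log_dir>/snort_alert and return it."""
    path = os.path.join(log_dir, SOCKET_NAME)
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        pass
    else:
        # Only clear a stale socket left by an earlier run; never delete other files.
        if not stat.S_ISSOCK(st.st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)  # bind() is what creates the socket file
    # The sending process needs write permission on the socket file.
    os.chmod(path, mode)
    return sock


def receive_alerts(sock, count, bufsize=65535, timeout=2.0):
    """Read `count` datagrams and return them as raw, unparsed bytes."""
    sock.settimeout(timeout)
    return [sock.recv(bufsize) for _ in range(count)]


def demo():
    """Constructed round trip: a stand-in sender plays the role of Snort."""
    with tempfile.TemporaryDirectory() as log_dir:  # stands in for /var/log/snort
        listener = open_alert_socket(log_dir)
        path = os.path.join(log_dir, SOCKET_NAME)
        writable = os.access(path, os.W_OK)  # the condition the error message names
        sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        sender.sendto(b"constructed alert payload", path)
        sender.close()
        got = receive_alerts(listener, 1)
        listener.close()
        return writable, got


if __name__ == "__main__":
    print(demo())
```

The consumer has to be running before Snort starts, and the socket's owner or group has to match the account Snort runs as for the write check to pass.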