[Snort-users] Help with alert_unixsock issues
Dirk_Geschke at ...1344...
Thu Dec 1 06:34:01 EST 2005
> I am experimenting with the alert_unixsock function.
> I have had a read of the code and it suggests to me that a socket called
> snort_alert should be created in the log directory (/var/log/snort).
> The socket seems not to be automatically created and I see the error:
> /var/log/snort/snort_alert file doesn't exist or isn't writeable!
> when I start Snort.
> Can anyone shed any light on this? I would have thought the socket
> would have been created automatically? Is there syntax for the output
> plug-in that I am missing?
That is easy: one process has to provide the unix socket and one process
writes to it. Snort does not provide a socket so you have to write a
program which creates this unix socket and reads from it.
Snort will then write all alerts to this socket...
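
A minimal listener of the kind the reply describes, as an added example that is not part of the original post or of Snort's code. It assumes Snort sends datagrams (SOCK_DGRAM) whose first 256 bytes hold the NUL-terminated alert text, and that the listener runs as the same user as Snort; the function names are illustrative.

```python
import os
import socket
import stat

ALERTMSG_LENGTH = 256  # assumption: size of the leading alert-text field in each datagram

def open_alert_socket(path, mode=0o600):
    """Create the datagram socket that alert_unixsock expects to already exist."""
    # Remove a stale socket from a previous run, but refuse to delete anything else.
    if os.path.lexists(path):
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o177)  # socket file is created without group/other access
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)  # only the owning user may write alerts into the socket
    return sock

def alert_message(datagram):
    """Return the NUL-terminated alert text at the start of one datagram."""
    field = datagram[:ALERTMSG_LENGTH]
    return field.split(b"\x00", 1)[0].decode("utf-8", errors="replace")

def read_alerts(sock, count=None, bufsize=65535):
    """Yield alert messages as they arrive; count=None reads forever."""
    seen = 0
    while count is None or seen < count:
        datagram = sock.recv(bufsize)
        seen += 1
        yield alert_message(datagram)

if __name__ == "__main__":
    # Start this before Snort; the path is the one from the error message above.
    listener = open_alert_socket("/var/log/snort/snort_alert")
    for msg in read_alerts(listener):
        print(msg)
```

Start the listener first, then Snort: the socket file has to exist and be writable by the Snort process when the output plug-in initialises.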