[Snort-users] Help with alert_unixsock issues

Dirk Geschke Dirk_Geschke at ...1344...
Thu Dec 1 06:34:01 EST 2005


Hi James,

> I am experimenting with the alert_unixsock function.
> 
> I have had a read of the code and it suggests to me that a socket called 
> snort_alert should be created in the log directory (/var/log/snort).
> 
> The socket seems not to be automatically created and I see the error:
> 
> /var/log/snort/snort_alert file doesn't exist or isn't writeable!
> 
> when I start Snort.
> 
> Can anyone shed any light on this?  I would have thought the socket 
> would have been created automatically?  Is there syntax for the output 
> plug-in that I am missing?

That is easy: one process has to provide the unix socket and one process
writes to it. Snort does not provide a socket, so you have to write a
program which creates this unix socket and reads from it.

Snort will then write all alerts to this socket...

Best regards

Dirk
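
The reader side described in the reply above, as an added example that is not part of the original post or of Snort's own code. It assumes Snort 2.x behaviour: alert_unixsock sends one datagram per alert, and each datagram begins with a 256-byte NUL-padded message field; the function names and the temporary path are hypothetical.

```python
import os
import socket
import tempfile

ALERTMSG_LENGTH = 256  # assumption: size of the leading message field in Snort 2.x


def open_alert_socket(path):
    """Create the datagram socket that Snort expects to find at `path`."""
    if os.path.exists(path):
        os.unlink(path)  # stale socket file left by a previous reader
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o077)  # owner-only; loosen if Snort runs as another user
    try:
        sock.bind(path)  # bind() is what creates the socket file
    finally:
        os.umask(old_umask)
    return sock


def alert_message(datagram):
    """Return the NUL-terminated alert text from the start of a datagram."""
    field = datagram[:ALERTMSG_LENGTH]
    return field.split(b"\x00", 1)[0].decode("ascii", "replace")


def read_alerts(sock, count, bufsize=65535):
    """Block until `count` alerts have arrived and return their messages."""
    return [alert_message(sock.recv(bufsize)) for _ in range(count)]


def demo():
    """Run the reader against a constructed datagram instead of a live Snort."""
    with tempfile.TemporaryDirectory() as logdir:
        path = os.path.join(logdir, "snort_alert")  # stands in for /var/log/snort
        listener = open_alert_socket(path)
        listener.settimeout(2)
        # Constructed sample: message field followed by dummy packet bytes.
        pkt = b"Constructed test alert".ljust(ALERTMSG_LENGTH, b"\x00") + b"\x00" * 64
        sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        sender.sendto(pkt, path)
        sender.close()
        messages = read_alerts(listener, 1)
        listener.close()
        return messages


if __name__ == "__main__":
    print(demo())
```

The reader has to be started before Snort, with the socket bound at snort_alert in Snort's log directory, so that the file exists and is writable when the output plug-in initialises.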




