[Snort-users] Re: Help with alert_unixsock issues

James Turnbull james at ...13655...
Thu Dec 1 08:35:08 EST 2005


Hi

Simon Biles kindly provided the below code where he has specified a 
template for unpacking part of the alert format of the alerts sent to 
the alert_unixsock output plug-in.
> $TEMPLATE = "A256 A*";
>   
Does anyone know if the format of these alerts is documented somewhere?  
I am having a lot of trouble unpacking the remainder of the data in the 
alert.

Thanks

James Turnbull

-- 
James Turnbull <james at ...13655...>
---
Author of Hardening Linux from Apress
(http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
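
The split that the quoted "A256 A*" template performs, carried one step further, as an added example that is not part of the original post and is not code from Simon Biles or the Snort project. The layout of the bytes after the 256-byte message is an assumption modelled on the Alertpkt struct in Snort 2.x's spo_alert_unixsock.h and varies with the sensor's build, so the hypothetical `timeval_fmt` and `order` parameters must be set to match it.

```python
import struct

ALERTMSG_LENGTH = 256  # the "A256" field in the template quoted above


def parse_alert(datagram, timeval_fmt="ll", order="@"):
    """Split one alert_unixsock datagram into message, header and packet.

    ASSUMED layout (not stated in the post): alertmsg[256], a pcap_pkthdr
    (timeval ts, u32 caplen, u32 len), five u32 values (dlthdr, nethdr,
    transhdr, data, val), then the captured packet bytes.
    """
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("shorter than the 256-byte message field")
    # Perl's "A256" strips trailing NULs/spaces; cutting at the first NUL
    # treats the field as a C string, which also drops any stale bytes.
    msg = datagram[:ALERTMSG_LENGTH].split(b"\0", 1)[0].rstrip(b" ")
    rest = datagram[ALERTMSG_LENGTH:]          # what "A*" returned
    hdr = struct.Struct(order + timeval_fmt + "II5I")
    out = {"msg": msg.decode("ascii", "replace"), "layout_ok": False}
    if len(rest) < hdr.size:
        return out
    sec, usec, caplen, wirelen, dlt, net, trans, data, val = hdr.unpack_from(rest)
    # A caplen larger than the wire length or than the bytes that follow most
    # likely means the assumed timeval size or byte order is wrong.
    if caplen > wirelen or caplen > len(rest) - hdr.size:
        return out
    out.update(layout_ok=True, ts=(sec, usec), caplen=caplen, wirelen=wirelen,
               offsets={"dlthdr": dlt, "nethdr": net, "transhdr": trans,
                        "data": data}, val=val,
               packet=rest[hdr.size:hdr.size + caplen])
    return out


def constructed_sample():
    """Build a fake datagram (constructed here, not captured from Snort)."""
    msg = b"ICMP PING (constructed)".ljust(ALERTMSG_LENGTH, b"\0")
    pkt = bytes(range(60))
    hdr = struct.pack("<iiII5I", 1133444108, 250000, len(pkt), len(pkt),
                      0, 14, 34, 42, 0)
    return msg + hdr + pkt + b"\0" * 100   # padding stands in for the tail


if __name__ == "__main__":
    print(parse_alert(constructed_sample(), timeval_fmt="ii", order="<"))
```

When `layout_ok` comes back False, only `msg` is trustworthy; compare the assumed field sizes against the header file of the Snort build that is sending the alerts.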