[Snort-users] Code to open SNORT Unix Domain Socket?

Dirk Geschke dirk at ...10648...
Tue Nov 24 01:43:59 EST 2009

Hi Frank,

> > I am trying to write some code (preferably in C) that opens the SNORT
> > Unix Domain Socket interface and that successfully intercepts events
> > from SNORT so down the road, that the events could be read by any
> > other Unix Domain Socket-enabled software.
> > 
> > Am not trying to reinvent the wheel here, so I thought I would ask you
> > all if such code already exists. 
> I thought Flop uses the domain socket as an interface between Snort and
> Flop.

yes and no. FLoP uses an unix domain socket to communicate with
snort. But it is a slightly different, an own output plugin. The
"normal" output plugin for the unix domain sockets misses some
useful informations.

The basic function to provide a unix domain socket and read vom
it is still there. It is part of sockserv.c: ReadFromSocket().

Best regards


PS: The actual version of FLoP is 


| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at ...10648... / dirk at ...13691...  / kontakt at ...13691... | 

More information about the Snort-users mailing list