[Snort-users] Unixsock plugin?

Dirk Geschke dirk at ...10648...
Tue Nov 24 02:29:42 EST 2009


Hi Honia,

> I have a question on how to use Snort unixsock plugin.
>  
> 1) I followed the direction in the manual and added the line output alert_unixsock to snort.conf file. 
>  
> 2) Then I run the snort command like this:  snort  -A unsock -c snort.conf and will start to get some output inside the terminal.

Note: the command line overwrites the output-plugin statement in
snort.conf. So with these options all alerts are written to the
unix domain socket.

> I was wondering if you could please let me know if I am doing this the right way or I am missing some steps? 

That is the right way to activate the output to the unix domain socket.

> If I am doing this the correct way, what is it supposed to happen ultimately?

The usual fault is: You have to provide the unix domain socket so
that snort can write to it. Snort does not create the socket, so if
there is no unix domain socket at all nothing will happen...

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at ...10648... / dirk at ...13691...  / kontakt at ...13691... | 
+----------------------------------------------------------------------+
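
Added example (not part of the message above and not Snort's own code): a minimal listener that provides the unix domain socket the reply says Snort will not create for itself. The socket name snort_alert inside the log directory, the datagram socket type and the 256-byte message field are assumptions about Snort 2.x; the datagram used in demo() is constructed.

```python
import os
import socket
import stat
import tempfile

ALERTMSG_LENGTH = 256        # assumption: size of the message field at the start of each alert
SOCKET_NAME = "snort_alert"  # assumption: file name Snort 2.x writes to in its log directory


def open_alert_socket(log_dir):
    """Create the datagram socket that Snort expects to find already present."""
    path = os.path.join(log_dir, SOCKET_NAME)
    # A stale file from an earlier run makes bind() fail; remove it only if it is a socket.
    try:
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Owner-only permissions: the listener must run as the user Snort runs as,
    # and no other local user can inject fake alerts.
    old_umask = os.umask(0o077)
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock, path


def read_alert(sock, timeout=None):
    """Receive one datagram and return its NUL-terminated alert message."""
    sock.settimeout(timeout)
    datagram = sock.recv(70000)  # assumption: large enough for message, headers and packet
    msg = datagram[:ALERTMSG_LENGTH].split(b"\x00", 1)[0]
    return msg.decode("utf-8", errors="replace")


def demo():
    """Offline check: a constructed datagram stands in for Snort's write."""
    with tempfile.TemporaryDirectory() as log_dir:
        listener, path = open_alert_socket(log_dir)
        fake = b"CONSTRUCTED test alert".ljust(ALERTMSG_LENGTH, b"\x00") + b"\x00" * 64
        sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        sender.sendto(fake, path)
        sender.close()
        text = read_alert(listener, timeout=2.0)
        listener.close()
        return text
```

In real use, call open_alert_socket() on Snort's log directory first, then start snort -A unsock -c snort.conf and loop on read_alert().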



