[Snort-users] Unixsock plugin?

Honia A honia2002 at ...125...
Tue Nov 24 09:20:56 EST 2009


Thanks Dirk,

 

1) Currently I have the line "output alert_unixsock" added to my snort.conf file and this is the command I run: "snort -A unsock -c snort.conf". Did you mean I have to delete the line from the snort.conf file and just run the command itself?

2) You said I have to provide the unix domain socket so that snort can write to it, how can I do that?

 

Thanks again for your help,

Honia

> Date: Tue, 24 Nov 2009 08:29:42 +0100
> From: dirk at ...10648...
> To: honia2002 at ...125...
> CC: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Unixsock plugin?
> 
> Hi Honia,
> 
> > I have a question on how to use Snort unixsock plugin.
> > 
> > 1) I followed the direction in the manual and added the line output alert_unixsock to snort.conf file. 
> > 
> > 2) Then I run the snort command like this: snort -A unsock -c snort.conf and will start to get some output inside the terminal.
> 
> Note: the command line overwrites the output-plugin statement in
> snort.conf. So with these options all alerts are written to the
> unix domain socket.
> 
> > I was wondering if you could please let me know if I am doing this the right way or I am missing some steps? 
> 
> That is the right way to activate the output to the unix domain socket.
> 
> > If I am doing this the correct way, what is it supposed to happen ultimately? 
> The usual fault is: You have to provide the unix domain socket so
> that snort can write to it. Snort does not create the socket, so if
> there is no unix domain socket at all nothing will happen...
> 
> Best regards
> 
> Dirk
> 
> -- 
> +----------------------------------------------------------------------+
> | Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding |
> | Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 |
> | dirk at ...10648... / dirk at ...13691... / kontakt at ...13691... | 
> +----------------------------------------------------------------------+
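
The step Dirk describes, a listener creating the socket before Snort starts, shown as an added example that is not part of the original thread. It assumes Snort 2.x behaviour: a datagram socket named `snort_alert` in Snort's log directory (`/var/log/snort` here), with the alert text NUL-terminated in the first 256 bytes of each datagram.

```python
import os
import socket
import stat

# Assumptions (Snort 2.x, not stated in the thread): Snort sends each alert as
# one datagram to "<log dir>/snort_alert"; the datagram starts with a
# 256-byte, NUL-padded alert message followed by packet data.
SOCKET_NAME = "snort_alert"
ALERTMSG_LENGTH = 256
MAX_DATAGRAM = 1 << 17  # larger than message + pcap header + 64 KiB packet


def open_alert_socket(log_dir):
    """Create and bind the socket Snort expects; return (socket, path)."""
    path = os.path.join(log_dir, SOCKET_NAME)
    try:
        # Remove only a stale socket left by an earlier listener, never a file.
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o077)  # owner-only: run the listener as Snort's user
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock, path


def alert_message(datagram):
    """Extract the alert text from the start of one datagram."""
    field = datagram[:ALERTMSG_LENGTH]
    return field.split(b"\x00", 1)[0].decode("ascii", "replace")


def read_alerts(sock, count):
    """Block until `count` alerts have arrived and return their messages."""
    return [alert_message(sock.recv(MAX_DATAGRAM)) for _ in range(count)]


if __name__ == "__main__":
    # Start this first, then: snort -A unsock -c snort.conf
    listener, where = open_alert_socket("/var/log/snort")
    print("listening on", where)
    while True:
        print(read_alerts(listener, 1)[0])
```

The owner-only umask keeps other local users from injecting fake alerts into the socket; if Snort drops privileges to another account, that account needs write access to the socket instead.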
 		 	   		  