[Snort-users] Snort alerting to unix socket

Ľubomír Bielik lubomir.bielik.96 at gmail.com
Thu Aug 9 10:25:55 EDT 2018


Hello, has anyone successfully made Snort alert to a Unix socket, with a
connection to some other program?

I am trying to connect Snort and Logstash. Snort is sending alerts to
'/var/log/snort/snort_alert' and Logstash is reading the same socket.

I have tested that Snort is really sending these sockets with a Perl
script, and I am able to receive sockets in Logstash with 'nc -U
/var/log/snort/snort_alert'.

However, I am unable to receive Snort sockets in Logstash. Any help is
appreciated.

