<P class=MsoPlainText style="MARGIN: 0cm 0cm 0pt"><FONT face="Courier
New">Hello list, <BR><BR>I wrote this program to receive the alerts sent
by Snort over the unix socket. It's working, but I only receive the
message of the alert. I also want to receive the destination IP, source IP
and other information, like protocol, priority... <BR><BR>I want to
receive the same alerts that are emitted on the console (with the -A console
option). <BR><BR>Is it possible?<BR><BR>The simple code correctly receives the
alert messages. I didn't receive the rest of the information. <BR><BR>For
example, for the alert related to bad-traffic, I receive this alert on the
console:</FONT></P>
<P class=MsoPlainText style="MARGIN: 0cm 0cm 0pt"><FONT face="Courier
New"><B style="mso-bidi-font-weight: normal">Potentially Bad Traffic
[Priority: 2] {ICMP} 127.0.0.1 -> 127.0.0.1 .......<BR></B><BR>By the
Unix Socket:</FONT></P>
<P class=MsoPlainText style="MARGIN: 0cm 0cm 0pt"><FONT face="Courier
New"><B style="mso-bidi-font-weight: normal">BAD-TRAFFIC loopback
traffic</B><BR><BR>******************************************************************<BR>Code:</FONT></P>
<PRE>
#include <sys/socket.h>
#include <sys/un.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define UNSOCK "/var/log/snort/snort_alert"

int main(void)
{
        int sock;
        ssize_t length;
        struct sockaddr_un name;
        char buf[1024];

        sock = socket(AF_UNIX, SOCK_DGRAM, 0);
        if (sock < 0)
        {
                perror("opening datagram socket");
                exit(1);
        }

        /* Bind to the path Snort sends its alerts to. */
        memset(&name, 0, sizeof(name));
        name.sun_family = AF_UNIX;
        strcpy(name.sun_path, UNSOCK);

        if (bind(sock, (struct sockaddr *) &name, sizeof(struct sockaddr_un)))
        {
                perror("binding name to datagram socket");
                exit(1);
        }

        printf("socket -->%s\n", UNSOCK);

        /* Receive one datagram per alert; the sender address is not needed. */
        while ((length = recvfrom(sock, buf, sizeof(buf) - 1, 0, NULL, NULL)) > 0)
        {
                buf[length] = '\0';
                printf("-->%s\n", buf);
        }
        close(sock);
        unlink(UNSOCK);
        return 0;
}
</PRE>
<P class=MsoPlainText style="MARGIN: 0cm 0cm 0pt"><FONT face="Courier
New">Thank you, <BR><BR>Maicon Melo Alves.</FONT></P>
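Added example, not part of the original post and not Snort's own code: with the unix-socket output (`-A unsock`) Snort sends each alert as a binary struct whose first field is the message text, so printing the buffer as a string shows only the message. The struct `alertpkt_example`, its field sizes and the helper names are assumptions modelled on `Alertpkt` in Snort's `spo_alert_unixsock.h`, and the sample packet is constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* ASSUMED layout modelled on Alertpkt in Snort's spo_alert_unixsock.h; sizes
 * vary by version, so use the definition from the Snort build you run. */
#define ALERTMSG_LENGTH 256
#define PKT_BYTES 1514          /* assumed capture size */
#define NOPACKET_STRUCT 0x1     /* val flag: no packet attached */
struct alertpkt_example {
    uint8_t  alertmsg[ALERTMSG_LENGTH];
    uint8_t  pkth[16];          /* pcap header, opaque here (assumed size) */
    uint32_t dlthdr, nethdr, transhdr, data, val;  /* header offsets, flags */
    uint8_t  pkt[PKT_BYTES];    /* raw packet that raised the alert */
    uint32_t sig_generator, sig_id, sig_rev, classification, priority;
};

/* Copy one datagram in; a short read (e.g. via a 1024-byte buffer) is rejected. */
int alert_from_datagram(struct alertpkt_example *a, const void *buf, size_t len) {
    if (len < sizeof(*a)) return -1;
    memcpy(a, buf, sizeof(*a));
    a->alertmsg[ALERTMSG_LENGTH - 1] = '\0';
    return 0;
}

/* Read protocol and addresses from the IPv4 header at offset nethdr. */
int alert_addrs(const struct alertpkt_example *a, char *src, char *dst, int *proto) {
    if ((a->val & NOPACKET_STRUCT) || a->nethdr > PKT_BYTES - 20u) return -1;
    const uint8_t *ip = a->pkt + a->nethdr;
    if ((ip[0] >> 4) != 4) return -1;          /* IPv4 only */
    *proto = ip[9];
    inet_ntop(AF_INET, ip + 12, src, INET_ADDRSTRLEN);
    inet_ntop(AF_INET, ip + 16, dst, INET_ADDRSTRLEN);
    return 0;
}

int main(void) {
    /* Constructed sample: ICMP 127.0.0.1 -> 127.0.0.1, 14-byte link header. */
    static const uint8_t ip[20] = {0x45,0,0,28, 0,0,0,0, 64,1,0,0, 127,0,0,1, 127,0,0,1};
    static struct alertpkt_example a, b;
    char s[INET_ADDRSTRLEN], d[INET_ADDRSTRLEN]; int p;
    strcpy((char *)a.alertmsg, "BAD-TRAFFIC loopback traffic");
    a.nethdr = 14; a.priority = 2;
    memcpy(a.pkt + a.nethdr, ip, sizeof(ip));
    if (alert_from_datagram(&b, &a, sizeof(a)) == 0 && alert_addrs(&b, s, d, &p) == 0)
        printf("%s [Priority: %u] proto %d %s -> %s\n", (char *)b.alertmsg, (unsigned)b.priority, p, s, d);
    return 0;
}
```

A receiver built on this needs a buffer of at least `sizeof` the real struct, since a datagram read into a smaller buffer is truncated.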