Snort mailing list archives
Re: Alert_unixsock
From: Fyodor <fygrave () tigerteam net>
Date: Wed, 5 Sep 2001 04:26:08 +0700
On Wed, Sep 05, 2001 at 04:08:39AM +0700, Fyodor wrote:
#include "snort.h"
...
struct sockaddr_un snortaddr;   /* where snort's alert_unixsock plugin sends to */
struct sockaddr_un bogus;       /* filled in by recvfrom, never looked at */
struct Alertpkt alert;
int sockfd;

sockfd = socket(AF_UNIX, SOCK_DGRAM, 0);
bzero(&snortaddr, sizeof(snortaddr));
snortaddr.sun_family = AF_UNIX;
strcpy(snortaddr.sun_path, UNSOCK_FILE);
bind(sockfd, (struct sockaddr *)&snortaddr, sizeof(snortaddr));
^^^^ snortaddr of course. :-) (4am here ;p)
while (1) {
    socklen_t boguslen = sizeof(bogus);   /* recvfrom wants a pointer to the address length */
    recvfrom(sockfd, &alert, sizeof(alert), 0, (struct sockaddr *)&bogus, &boguslen);
    /* parse out alert structure here and do whatever you want with it:
     * the message is in alert.alertmsg, raw packet data is in alert.pkt,
     * offsets are in alert.nethdr, alert.transhdr, alert.dlthdr, alert.data */
}
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
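The bind/recvfrom flow sketched in the post, worked into a complete program. This is an added example, not Fyodor's or Snort's code: the struct Alertpkt below is an assumed, simplified stand-in for the real one in snort.h (same field names the post uses: alertmsg, pkt, dlthdr, nethdr, transhdr, data, plus an assumed caplen), UNSOCK_FILE is an illustrative path, and the sample frame is constructed inline. It goes a step beyond the post in that every offset read from the datagram is checked against the bytes actually received before pkt[] is indexed, and it round-trips the sample over a socketpair so it runs with no Snort present.

```c
/* Added example (not Fyodor's or Snort's code): a bounds-checking reader
 * for the alert_unixsock datagrams described in the thread.  ASSUMPTIONS:
 * the struct layout below is a simplified stand-in for struct Alertpkt in
 * snort.h, and UNSOCK_FILE is an illustrative path. */
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define ALERTMSG_LENGTH 256
#define SNAPLEN 1514
#define UNSOCK_FILE "/tmp/snort_alert"      /* assumed path */

struct Alertpkt {                           /* assumed, simplified layout */
    uint8_t  alertmsg[ALERTMSG_LENGTH];     /* rule message text */
    uint32_t caplen;                        /* bytes valid in pkt[] */
    uint32_t dlthdr, nethdr, transhdr, data;/* header offsets into pkt[] */
    uint8_t  pkt[SNAPLEN];                  /* raw captured frame */
};

struct parsed_alert {
    char     msg[ALERTMSG_LENGTH], src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
    uint8_t  proto;
    uint16_t sport, dport;
};

/* Create and bind the datagram socket that Snort's alert_unixsock plugin sends to. */
int open_alert_socket(const char *path)
{
    struct sockaddr_un addr;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0 || strlen(path) >= sizeof addr.sun_path) { if (fd >= 0) close(fd); return -1; }
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    unlink(path);                           /* remove a stale socket file from a previous run */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0) { close(fd); return -1; }
    return fd;
}

/* Decode one datagram of n bytes.  The offsets arrive off the wire, so each is
 * checked against caplen before pkt[] is indexed.
 * Returns 1 = L3/L4 decoded, 0 = message only, -1 = malformed datagram. */
int parse_alert(const struct Alertpkt *a, size_t n, struct parsed_alert *out)
{
    uint16_t p;
    if (n < offsetof(struct Alertpkt, pkt)) return -1;              /* truncated header */
    if (a->caplen > n - offsetof(struct Alertpkt, pkt)) return -1;  /* caplen exceeds what arrived */
    memset(out, 0, sizeof *out);
    memcpy(out->msg, a->alertmsg, ALERTMSG_LENGTH - 1);             /* always NUL-terminated */
    /* IPv4 header: protocol at +9, source at +12, destination at +16 */
    if (a->nethdr > a->caplen || a->caplen - a->nethdr < 20) return 0;
    out->proto = a->pkt[a->nethdr + 9];
    inet_ntop(AF_INET, a->pkt + a->nethdr + 12, out->src, sizeof out->src);
    inet_ntop(AF_INET, a->pkt + a->nethdr + 16, out->dst, sizeof out->dst);
    /* TCP (6) and UDP (17) both carry src/dst ports in their first 4 bytes */
    if ((out->proto == 6 || out->proto == 17) &&
        a->transhdr <= a->caplen && a->caplen - a->transhdr >= 4) {
        memcpy(&p, a->pkt + a->transhdr, 2);     out->sport = ntohs(p);
        memcpy(&p, a->pkt + a->transhdr + 2, 2); out->dport = ntohs(p);
    }
    return 1;
}

/* Block for one datagram on fd (the loop body from the post) and decode it. */
int read_one_alert(int fd, struct parsed_alert *out)
{
    struct Alertpkt a;
    struct sockaddr_un from;
    socklen_t fromlen = sizeof from;        /* recvfrom takes a pointer to the length */
    ssize_t n = recvfrom(fd, &a, sizeof a, 0, (struct sockaddr *)&from, &fromlen);
    return n < 0 ? -1 : parse_alert(&a, (size_t)n, out);
}

/* Constructed sample: 54-byte Ethernet/IPv4/TCP frame, 10.0.0.1:1234 -> 192.168.1.2:80. */
void build_sample_alert(struct Alertpkt *a)
{
    static const uint8_t ip_tcp[] = { 0x45,0,0,40, 0,0,0,0, 64,6, 0,0,
        10,0,0,1, 192,168,1,2,  0x04,0xd2, 0x00,0x50 };
    memset(a, 0, sizeof *a);
    strcpy((char *)a->alertmsg, "EXAMPLE alert (constructed)");
    a->pkt[12] = 0x08;                      /* EtherType IPv4 after 12 MAC bytes */
    memcpy(a->pkt + 14, ip_tcp, sizeof ip_tcp);
    a->caplen = 54; a->dlthdr = 0; a->nethdr = 14; a->transhdr = 34; a->data = 54;
}

/* Offline round trip: a socketpair stands in for Snort sending to UNSOCK_FILE. */
int roundtrip_sample(struct parsed_alert *out)
{
    struct Alertpkt a;
    int fds[2], r;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, fds) < 0) return -1;
    build_sample_alert(&a);
    r = send(fds[0], &a, sizeof a, 0) == (ssize_t)sizeof a ? read_one_alert(fds[1], out) : -1;
    close(fds[0]); close(fds[1]);
    return r;
}

int main(void)
{
    struct parsed_alert pa;   /* live use: fd = open_alert_socket(UNSOCK_FILE); read_one_alert(fd, &pa); */
    if (roundtrip_sample(&pa) != 1) return 1;
    printf("%s  %s:%u -> %s:%u (proto %u)\n", pa.msg, pa.src, pa.sport, pa.dst, pa.dport, pa.proto);
    return 0;
}
```

For a live reader, replace the socketpair in main with open_alert_socket(UNSOCK_FILE) and loop on read_one_alert; the offset checks in parse_alert are what keep a short or hostile datagram from turning into an out-of-bounds read of pkt[].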