Re: yet another unix socket question...

[Fyodor <fygrave () tigerteam net>]

On Sat, Jan 12, 2002 at 01:38:43PM -0500, Dr. Richard W. Tibbs wrote:
> Dear list :
>
> After searching the archives (and finding a few postings; thanks to 
> Fyodor) I am still not able to figure out my problem.  I am trying to 
> write a reciever socket program to use with snort using the output alert 
> to unixsock facility.
>
> The attached code snipet fails upon the bind command, with errno 98.
> I have debugged the code in kdb and the myname struct looks fine, as 
> does the sock variable.
>
> Any idea what is wrong ?
>
> Thanks in advance....

>   sock = socket(AF_UNIX, SOCK_DGRAM, 0);
>   if (sock < 0) {
>     printf("socket failure %d\n", errno);
>     exit(1);
>   }
>
>   myname.sa_family = AF_UNIX;
>   strcpy(myname.sa_data, "/tmp/somefile");

how myname is declared? definetely not as sockaddr_un, I'd suppose. With
sockaddr_un you'd do:
  strcpy(snortaddr.sun_path, UNSOCK_FILE);

(and UNSOCK_FILE would be where snort will be sending alerts):


#ifndef WIN32
    #define DEFAULT_LOG_DIR            "/var/log/snort"
    #define DEFAULT_DAEMON_ALERT_FILE  "alert"
    #define UNSOCK_FILE                "/dev/snort_alert"
#else
    #define DEFAULT_LOG_DIR            "log"
    #define DEFAULT_DAEMON_ALERT_FILE  "log/alert.ids"
    #define UNSOCK_FILE                "snort_alert"
#endif  /* WIN32 */

check out:
http://www.ultraviolet.org/mail-archives/snort-users.2001/0666.html


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users