Snort mailing list archives
Re: Snort + LCD display
From: frenzy () frenzy org
Date: Sat, 26 Jul 2003 21:23:37 -0700 (PDT)
I am using the socket option for on the fly alerts to other programs, and it seems to work very well. If you look in snortdir/src/output-plugins/spo_alert_unixsock.h it lists the format that the socket outputs data in.

Just a note: if you're running on BSD, you have to create the socket in your listener program; the snort option doesn't create the socket itself.

Randy
http://www.frenzy.org
"Sed Quis Custodiet Ipsos Custodes?" -Juvenal

On Sat, 27 Jul 2003, Michael Boman wrote:

On Sun, 2003-07-27 at 01:06, eth wrote:
[snip]
What Snort output system will be the best in this case (I prefer displaying alerts immediately)? Maybe any other solutions? Please help.
Hmm.. Would the (fairly undocumented) socket do it? Don't ask me how, never used the socket option before but it might do what you want...
From snort's man page:
-A alert-mode
[...] Unsock is an experimental mode that sends the alert information out over a UNIX socket to another process that attaches to that socket.

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
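
A listener for the unsock alert mode discussed in this thread, as an added example that is not from the thread or from the Snort project: it creates the UNIX socket itself (the BSD case described in the reply), extracts the alert text, and wraps it for a character display. Assumptions to check against spo_alert_unixsock.h on your version: the socket is a datagram socket, each datagram starts with a NUL-terminated message in a 256-byte field, the socket path shown is where your Snort looks for it, and Snort runs as the same user as the listener. The 20x4 display size and all function names are hypothetical.

```python
import os
import socket
import stat
import textwrap

ALERTMSG_LENGTH = 256  # assumed size of the leading alertmsg field; confirm in spo_alert_unixsock.h

def open_listener(path):
    """Create and bind the datagram socket in the listener, as the reply says BSD requires."""
    try:
        # Remove only a stale socket; any other file type is left alone and bind() fails.
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o177)  # socket file mode 0600: only our own user can write to it
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock

def parse_alert_msg(datagram):
    """Return the NUL-terminated alert text, with non-printable bytes replaced by '?'."""
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("datagram shorter than the alertmsg field")
    raw = datagram[:ALERTMSG_LENGTH].split(b"\0", 1)[0]
    return "".join(chr(b) if 32 <= b < 127 else "?" for b in raw)

def lcd_rows(msg, width=20, rows=4):
    """Wrap the message to a fixed character grid (20x4 is a hypothetical display)."""
    wrapped = textwrap.wrap(msg, width)[:rows]
    return [line.ljust(width) for line in wrapped + [""] * (rows - len(wrapped))]

if __name__ == "__main__":
    listener = open_listener("/var/log/snort/snort_alert")  # assumed path; use your Snort log dir
    while True:
        # recv() keeps only the first ALERTMSG_LENGTH bytes; the rest of the datagram is dropped.
        for row in lcd_rows(parse_alert_msg(listener.recv(ALERTMSG_LENGTH))):
            print(row)
```

Replacing non-printable bytes before display keeps control characters in a rule's message text from reaching a serial LCD as commands.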