Re: (no subject)

[Ralf Spenneberg <lists () spenneberg org>]

Am Mit, 2003-10-08 um 23.33 schrieb Kristian Schling:
> Hello! 
>  
> I wonder how to set up snort with the -A unsock option on freeBSD 4.8 
> I want to log the alerts to a socket and read them with syslog-ng.. 
>  
> When I try using the -A unsock option now I the following error... 
>  
> /var/log/snort/snort_alert file doesn't exist or isn't writable 
>  
> My question is how I conf it to write to a valid socket or how I can create a socket 
> called snort_alert 
The socket is usually created by the log daemon. In the case of
syslog-ng use
unix-dgram <filename>  -  reads  messages  from  the  given  AF_UNIX,
       SOCK_DGRAM socket (BSDi style)
or
unix-stream  <filename>  -  reads  messages  from the given AF_UNIX,
       SOCK_STREAM socket (Linux style)

I doubt though, that the format written by snort is understood by the
syslog. I have not tested it myself yet.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto                                  http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users