Snort mailing list archives
Re: [Snort-Users] help reporting using unix socket (unsock)
From: Joel Esler <joel.esler () me com>
Date: Wed, 07 Sep 2011 10:25:24 -0400
Copying Snort devel on this.

Joel

On Sep 7, 2011, at 9:48 AM, yamahabob wrote:
I'm wanting to report alerts through a socket using unsock, but I can't seem to get the alerts to go through. I opened a socket using a Perl script as follows:

    use strict;
    $|++;
    use IO::Socket;

    my $socketfile = "/dev/snort_alert";
    unlink $socketfile;
    my $data;

    my $server = IO::Socket::UNIX->new(
        Local  => $socketfile,
        Type   => SOCK_STREAM,
        Listen => 100
    ) or die $!;
    $server->autoflush(1);

    while ( my $connection = $server->accept() ) {
        my $data = <$connection>;
        print $data, $/;
    }

First, I understand all I will see is garbage because I'm not using the specific packet format, but I'm just testing to see if data is making it through. It opens the file "/dev/snort_alert" as the documentation says but doesn't appear to be getting alerts sent to it.

I'm running snort using:

    /usr/local/snort/bin/snort -A unsock -c /usr/local/snort/etc/snort.conf -i eth1

If I run another Perl script to send data to /dev/snort_alert, the data prints to screen as the server code is supposed to do, but not with any alerts.

Ideas?

Thanks in advance

--
To post to this group, send email to snortusers () googlegroups com
Please visit http://blog.snort.org for the latest news about Snort!
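A receiver for this kind of alert output, as an added example in Python that is not part of the original posts. It assumes Snort's unsock output sends each alert as one datagram (SOCK_DGRAM, not a stream connection) whose first 256 bytes hold the NUL-padded alert message, as in Snort 2.x's Alertpkt struct; the socket path, function names and sample datagram are constructed for illustration.

```python
import os
import socket
import tempfile

ALERTMSG_LENGTH = 256   # assumed size of the leading alertmsg field in Alertpkt
RECV_BUFSIZE = 1 << 17  # the struct embeds the packet bytes, so read generously


def open_alert_socket(path):
    """Bind a datagram Unix socket at `path`, replacing any stale socket file."""
    if os.path.exists(path):
        os.unlink(path)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, 0o600)  # only the owner (or root) may send alerts to it
    return sock


def alert_message(datagram):
    """Return the NUL-terminated alert text from the start of one datagram."""
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("short datagram: %d bytes" % len(datagram))
    text = datagram[:ALERTMSG_LENGTH].split(b"\x00", 1)[0]
    return text.decode("utf-8", errors="replace")


def receive_alerts(sock, count):
    """Read `count` datagrams and return their alert messages."""
    return [alert_message(sock.recv(RECV_BUFSIZE)) for _ in range(count)]


def demo():
    """Send one constructed datagram to the listener and return what it parsed."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "snort_alert")
        listener = open_alert_socket(path)
        sender = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        # Constructed sample: padded message, then filler for the remaining fields.
        sample = b"ICMP test alert".ljust(ALERTMSG_LENGTH, b"\x00") + b"\xaa" * 64
        try:
            sender.sendto(sample, path)
            return receive_alerts(listener, 1)
        finally:
            sender.close()
            listener.close()


if __name__ == "__main__":
    print(demo())
```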