From: Dr. Richard W. Tibbs (ccampoakcitysolutions.com)
Date: Mon Jun 03 2002 - 09:36:59 CDT

    Sounds about right to me. I have used the socket facility on both Linux
    and Win2K.
    On Linux, /dev/yadda is fine, but of course on Win2k a different
    approach is used.
    Not familiar with Darwin.
    >>>RWT

    Nick Zitzmann wrote:

    > Is anyone out there using Snort's Unix socket output mode?
    >
    > I've been working on a small application that opens up a Unix socket,
    > waits for Snort to send something to the socket, and then parses the
    > contents of the alert to display to the user. It works great, however,
    > I did have to make a change to snort.h to get it to work. In snort.h,
    > Snort uses the path "/dev/snort_alert" for the socket. I guess that
    > may work in Linux (not sure), but putting sockets into the /dev
    > directory isn't allowed in my operating system (Darwin) even if the
    > program making the socket is executed by root.
    >
    > So I changed this to "/var/log/snort/snort_alert" and all seems well.
    > Is this consistent with anyone else's experiences, or is it just me...?
    >
    > Nick Zitzmann
    > ICQ: 22305512
    >
    > Check out my software page: http://homepage.mac.com/nickzman/
    >
    >
    > _______________________________________________________________
    >
    > Don't miss the 2002 Sprint PCS Application Developer's Conference
    > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
    >
    > _______________________________________________
    > Snort-users mailing list
    > Snort-users@lists.sourceforge.net
    > Go to this URL to change user options or unsubscribe:
    > https://lists.sourceforge.net/lists/listinfo/snort-users
    > Snort-users list archive:
    > http://www.geocrawler.com/redir-sf.php3?list=snort-users
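
A listener of the kind Nick describes, as an added example that is not code from this thread or from Snort: it binds the socket at the relocated path, refuses to replace anything that is not a stale socket, creates the socket file owner-only, and strips control characters before the alert text is displayed. It assumes Snort sends one datagram per alert whose first 256 bytes hold the NUL-terminated alert message; confirm that layout against the alert structure in your Snort source. The function names are hypothetical.

```python
import os
import socket
import stat

SOCKET_PATH = "/var/log/snort/snort_alert"  # path from the post; must match snort.h
ALERTMSG_LENGTH = 256  # assumption: size of the leading message field
MAX_DATAGRAM = 65535


def open_alert_socket(path=SOCKET_PATH):
    """Bind a datagram Unix socket at path without clobbering other files."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        mode = None
    if mode is not None:
        if not stat.S_ISSOCK(mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)  # stale socket left by an earlier run
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o177)  # create the socket file owner-only (0600)
    try:
        sock.bind(path)
    except OSError:
        sock.close()
        raise
    finally:
        os.umask(old_umask)
    return sock


def alert_message(datagram):
    """Extract the NUL-terminated message and neutralise control characters."""
    raw = datagram[:ALERTMSG_LENGTH].split(b"\x00", 1)[0]
    text = raw.decode("latin-1")
    return "".join(ch if ch.isprintable() else "?" for ch in text)


def receive_alert(sock):
    """Block until one alert datagram arrives and return its message text."""
    return alert_message(sock.recv(MAX_DATAGRAM))


if __name__ == "__main__":
    listener = open_alert_socket()
    try:
        while True:
            print(receive_alert(listener))
    finally:
        listener.close()
        os.unlink(SOCKET_PATH)
```

Because the socket file is created with mode 0600, the listener has to run as the same user as Snort (or as root) for Snort to be able to write to it.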