snort-users November 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] Code to open SNORT Unix Domain So

Re: [Snort-users] Code to open SNORT Unix Domain Socket?

From: Dirk Geschke <dirk_at_nospam>
Date: Tue Nov 24 2009 - 06:43:59 GMT
To: snort-users@lists.sourceforge.net


Hi Frank,

> > I am trying to write some code (preferably in C) that opens the SNORT
> > Unix Domain Socket interface and that successfully intercepts events
> > from SNORT so down the road, that the events could be read by any
> > other Unix Domain Socket-enabled software.
> >
> > Am not trying to reinvent the wheel here, so I thought I would ask you
> > all if such code already exists.
>
> I thought Flop uses the domain socket as an interface between Snort and
> Flop.

yes and no. FLoP uses an unix domain socket to communicate with snort. But it is a slightly different, an own output plugin. The "normal" output plugin for the unix domain sockets misses some useful informations.

The basic function to provide a unix domain socket and read vom it is still there. It is part of sockserv.c: ReadFromSocket().

Best regards

Dirk

PS: The actual version of FLoP is

       http://www.geschke-online.de/FLoP/src/FLoP-1.6.1.tar.gz -- +----------------------------------------------------------------------+ | Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding | | Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 | | dirk@geschke-online.de / dirk@lug-erding.de / kontakt@lug-erding.de | +----------------------------------------------------------------------+ ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users