snort-users November 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] Code to open SNORT Unix Domain So

Re: [Snort-users] Code to open SNORT Unix Domain Socket?

From: Dirk Geschke <dirk_at_nospam>
Date: Tue Nov 24 2009 - 06:43:59 GMT

Hi Frank,

> > I am trying to write some code (preferably in C) that opens the SNORT
> > Unix Domain Socket interface and that successfully intercepts events
> > from SNORT so down the road, that the events could be read by any
> > other Unix Domain Socket-enabled software.
> >
> > Am not trying to reinvent the wheel here, so I thought I would ask you
> > all if such code already exists.
> I thought Flop uses the domain socket as an interface between Snort and
> Flop.

yes and no. FLoP uses an unix domain socket to communicate with snort. But it is a slightly different, an own output plugin. The "normal" output plugin for the unix domain sockets misses some useful informations.

The basic function to provide a unix domain socket and read vom it is still there. It is part of sockserv.c: ReadFromSocket().

Best regards


PS: The actual version of FLoP is -- +----------------------------------------------------------------------+ | Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding | | Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 | | / / | +----------------------------------------------------------------------+ ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. _______________________________________________ Snort-users mailing list Go to this URL to change user options or unsubscribe: Snort-users list archive: