Re: [Snort-users] (no subject)
On Wed, 2003-10-08 at 23:33, Kristian Schling wrote:
> Hello!
>
> I wonder how to set up snort with the -A unsock option on FreeBSD 4.8
> I want to log the alerts to a socket and read them with syslog-ng..
>
> When I try using the -A unsock option now I get the following error...
>
> /var/log/snort/snort_alert file doesn't exist or isn't writable
>
> My question is how I conf it to write to a valid socket or how I can create a socket
> called snort_alert

The socket is usually created by the log daemon. In the case of syslog-ng use

unix-dgram <filename> - reads messages from the given AF_UNIX, SOCK_DGRAM socket (BSDi style)
or
unix-stream <filename> - reads messages from the given AF_UNIX, SOCK_STREAM socket (Linux style)

I doubt, though, that the format written by snort is understood by the syslog. I have not tested it myself yet.

Cheers,

Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
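As an added illustration that is not part of the thread: a minimal reader that creates the snort_alert datagram socket itself, before Snort is started with -A unsock, and passes each alert message to the local syslog. It assumes each datagram begins with a 256-byte, NUL-padded alert message field as in Snort's Alertpkt struct; the function names are made up for this example.

```python
import os
import socket
import stat
import syslog

ALERT_SOCKET = "/var/log/snort/snort_alert"  # path from the error message in the question
ALERTMSG_LENGTH = 256  # assumption: size of the leading alertmsg field in Snort's Alertpkt


def open_alert_socket(path=ALERT_SOCKET):
    """Create the AF_UNIX datagram socket that Snort expects to find already present."""
    if os.path.lexists(path):
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise FileExistsError(path + " exists and is not a socket")
        os.unlink(path)  # a stale socket from an earlier run would make bind() fail
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, 0o600)  # only the owning user (the one running Snort) may send
    return sock


def alert_message(datagram):
    """Return the rule message text from the start of one unsock datagram."""
    field = datagram[:ALERTMSG_LENGTH]
    return field.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def forward_alerts(sock, emit, count=None):
    """Read datagrams and hand each alert message to emit(); count=None runs forever."""
    seen = 0
    while count is None or seen < count:
        emit(alert_message(sock.recv(65535)))
        seen += 1
    return seen


if __name__ == "__main__":
    syslog.openlog("snort", facility=syslog.LOG_AUTH)
    listener = open_alert_socket()
    forward_alerts(listener, lambda msg: syslog.syslog(syslog.LOG_ALERT, msg))
```

Everything after the message field (packet header, offsets, raw packet bytes) is binary, so only the text field is forwarded here.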