Re: Socket Alerts

[Fyodor <fygrave () tigerteam net>]

Daniel J Camero <camero () seas upenn edu> spoke:
> Hi,
> I am trying to set up snort in such a way that I can read the alerts
> through a unix socket.  When I run it with the -A unsock option an
> error is generated about the file not existing (/dev/snort_alert).  I

it is just a warning, when snort is started your 'daemon' program should
already be running :-)

> can't seem to find any documentation on how to run the system with
> alerts coming over the sockets.  Thanks for the help.


see README.UNSOCK in snort's tarball.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users