Snort mailing list archives

Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM

From: Stanford Prescott <stan.prescott () gmail com>
Date: Wed, 22 Mar 2017 08:59:05 -0500

I encountered this when trying to get the snort_control socket to load the
reputation blacklist using pulledpork. The issue I had was that the
SNORT.sock socket was not in the same directory as the reputation lists
directory. Once I directed the SNORT.sock to be In the reputation lists
directory, it seemed to load without errors.

Also, you need to tell snort where snort_control is in snort.conf or on the
command line. I put it in snort.conf myself as a "config" directive

*config cs_dir: <path to control socket>  *

which for me seemed to require that the control socket be in the same
reputation lists directory as defined in snort.conf.

You might want to read up on the reputation preprocessor from the README
file https://snort.org/faq/readme-reputation

On Tue, Mar 21, 2017 at 3:20 PM, Robert Kudyba <rkudyba () fordham edu> wrote:

We're using the Fedora RPM via dnf, PulledPork v0.7.3, and when running:

pulledpork.pl -c /etc/snort/pulledpork.conf

This appears:

Issuing reputation socket reload command
Unable to connect to UNIX socket at /etc/snort/rules/iplists/SNORT.sock:
Connection refused
I just posted this on GitHub <https://github.com/shirkdog/
pulledpork/issues/255> but wanted to see if this is a known issue and/or
a work-around available.
------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Robert Kudyba (Mar 21)
- Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Stanford Prescott (Mar 22)
- Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Stanford Prescott (Mar 22)
  - Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Robert Kudyba (Mar 22)
    - Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Stanford Prescott (Mar 22)
    - Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Robert Kudyba (Mar 22)
    - Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Stanford Prescott (Mar 22)
    - Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Robert Kudyba (Mar 27)
    - Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM Stanford Prescott (Mar 28)