I have created a unix socket (TCP as well as UDP). I have tested it with a client and it works well. When I try to send alert to unix socket via snort I do not receive any alert. I have uncomment "alert_sfsocket = { }" in snort.lua config file and also used -A alert_unixsock. If i use -L dump it shows alerts on console.
Kindly guide me what else I have to configure so that I receive alerts on unix socket.
Thanks.
Python Code for making TCP Unix Socket:
import socket
import os, os.path
if os.path.exists("../tmp/snort_alert"):
os.remove("../tmp/snort_alert")
server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM,0)
server.bind("../tmp/snort_alert")
try:
server.listen(1024)
print("SERVER LISTEN CoMMAND")
conn, addr = server.accept()
print("conn,addr")
while True:
print("listening")
datagram = conn.recv(4096)
datagram=datagram.decode('utf-8')
print(datagram)
except:
conn.close()
os.remove("../tmp/snort_alert")
print("Done")
Java Code for Creating Unix Socket:
var SnortSocket = require('snort-socket').SnortSocket;
var socket = new SnortSocket();
socket.on('alert', function(a) { console.log(util.inspect(a)); });
socket.bind('../tmp/snort_alert', function(err) { if (!!err) throw err; });
SNORT end command:
udo snort -i ens33 -c ~shabbar/snort_src/snort3/lua/snort.lua -R ~shabbar/snort_src/snort3/lua/snort3-community.rules -A alert_unixsock -l ~shabbar/tmp
Elaborate More
You have provided basic code examples, but no error messages or logs. Without them, I may have to assume ten different scenarios why unix_socket may not be working for you.
Please refer to stackoverflow for your code queries and get abused there for minimal effort put into framing a question.
Watch this video before asking half-baked questions in future: https://www.youtube.com/watch?v=53zkBvL4ZB4
Thankyou.
- Badges
- Science topic
- Similar topics
- Geoscience
- Asia
- India