Shabbar
Reputation: 11
I want to send snort3 alert on socket but when I run command " sudo snort -i ens33 -A alert_unixsock -l /tmp" it gives error
I run snort 3 via command
sudo snort -c snort.conf -i ens33 -A alert_unixsock -l /tmp
where as snort gives error: "/tmp/snort_alert file doesn't exist or isn't writable".
Can any one share code for receiver end and snort end.
Upvotes: 1
Views: 639
Answers (1)
mickeyM0use
Reputation: 1
You need to create a socket file where the alerts can be sent to. The default name of this file is 'snort_alert' and it has to be located in your specified log directory '-l' which in this case is '/tmp'.
Once you have this file then you can send alerts to it and listen using a socket connection.
Read and write from Unix socket connection with Python
This link might help you with the socket that you need to create.
Upvotes: 0
Related Questions
- ERROR: C:\snort\etc\snort.conf(546) => Invalid argument: include Fatal Error, Quitting
- How to monitor packets using Snort features?
- Snort - Error while running
- 'int' object has no attribute 'format' - modifying snort rules
- Snort rule failing to alert to log
- Why I have this error message while i'm trying to verify my snort configuration
- Snort Rules Configuration Issue
- Read the alert log from snort
- Execute script on Snort alert
- Snort: Reporting packet numbers