2.6.4 alert_unixsock

Sets up a UNIX domain socket and sends alert reports to it. External programs/processes can listen in on this socket and receive Snort alert and packet data in real time.

2.6.4.1 Format

verbatim523#

2.6.4.2 Example

verbatim524#

On FreeBSD, the default sysctl value for net.local.dgram.recvspace is too low for alert_unixsock datagrams and you will likely not receive any data. You can change this value after booting by running:

verbatim525#
To have this value set on each boot automatically, add the following to /etc/sysctl.conf:
verbatim526#
Note that the value of 100000 may be slightly generous, but the value should be at least 65864.
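The following listener is an added example, not code from the Snort manual or source tree. It shows what a process on the receiving end of alert_unixsock has to do, and why one alert needs 65864 bytes of receive space. Assumptions: the datagram layout follows the Alertpkt struct of Snort 2.x (check spo_alert_unixsock.h in your build), and the socket path, passed in by the caller, is a file named snort_alert in Snort's log directory.

```python
import os
import socket
import struct

# Assumed Alertpkt layout (Snort 2.x spo_alert_unixsock.h; verify against your build):
# alertmsg[256], pcap header (4 x u32), 5 x u32 offsets/flags, pkt[65535],
# 1 pad byte, Event (9 x u32), all in host byte order.
ALERT_FMT = "=256s9I65535sx9I"
ALERT_SIZE = struct.calcsize(ALERT_FMT)  # 65864, the minimum stated above


def parse_alert(datagram):
    """Decode one datagram; reject short reads instead of misparsing them."""
    if len(datagram) != ALERT_SIZE:
        raise ValueError(f"got {len(datagram)} bytes, expected {ALERT_SIZE}")
    f = struct.unpack(ALERT_FMT, datagram)
    caplen = min(f[3], 65535)  # never trust the length field past the buffer
    return {
        "msg": f[0].split(b"\0", 1)[0].decode("utf-8", "replace"),
        "ts": f[1] + f[2] / 1e6,
        "packet": f[10][:caplen],
        "gid": f[11], "sid": f[12], "rev": f[13], "priority": f[15],
    }


def listen(path, handler):
    """Bind the socket Snort writes to and pass each parsed alert to handler."""
    if os.path.exists(path):
        os.unlink(path)  # stale socket file from a previous run
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Ask for room for several full-size alerts; the OS may cap this.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 4 * ALERT_SIZE)
    old_umask = os.umask(0o177)  # owner-only: Snort must run as this user or root
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    while True:
        data = sock.recv(ALERT_SIZE + 1)
        try:
            handler(parse_alert(data))
        except ValueError as err:
            print(f"dropped datagram: {err}")


if __name__ == "__main__":
    # Assumed location: <log directory>/snort_alert
    listen("/var/log/snort/snort_alert", print)
```

Start the listener before Snort so the socket exists when the output plugin opens it.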