snortunsock

package module
v0.0.0-...-eebd32a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2018 License: MIT Imports: 4 Imported by: 0

README

go-snortunsock

A Go listener to capture Snort events via the UNIX Socket.

Snort

Add to snort.conf:

output alert_unixsock

Example

for packet := range snortunsock.Start_socket(os.Args[1]) {
		fmt.Printf("Alert name: %s \n", packet.Name)
		goPacket := gopacket.NewPacket(packet.PcapData, layers.LayerTypeEthernet, gopacket.Default)
		fmt.Printf("Packet: %s", goPacket.String())
}

Full example.

Miscellaneous

If you know/find the exact format of alert_unixsocks (or a good documentation), please write me an email.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func StartSocket 

func StartSocket(socketName string) chan *Alert

Types

type Alert 

type Alert struct {
	Name     string
	PcapData []byte
	Event    *EventStruct
}

type EventStruct 

type EventStruct struct {
	SigGenerator   uint32
	SigId          uint32
	SigRev         uint32
	Classification uint32
	Priority       uint32
	EventId        uint32
	EventReference uint32
	Timestamp      uint32 // unix timestamp
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.