snortunsock

package module

v0.0.0-...-eebd32a Latest Latest Go to latest Published: Mar 3, 2018 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jan-Niclas/go-snortunsock

Links

Open Source Insights

README ¶

go-snortunsock

A Go listener to capture Snort events via the UNIX Socket.

Snort

Add to snort.conf:

output alert_unixsock

Example

for packet := range snortunsock.Start_socket(os.Args[1]) {
		fmt.Printf("Alert name: %s \n", packet.Name)
		goPacket := gopacket.NewPacket(packet.PcapData, layers.LayerTypeEthernet, gopacket.Default)
		fmt.Printf("Packet: %s", goPacket.String())
}

Full example.

Miscellaneous

If you know/find the exact format of alert_unixsocks (or a good documentation), please write me an email.

Documentation ¶

Index ¶

func StartSocket(socketName string) chan *Alert
type Alert
type EventStruct

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func StartSocket ¶

func StartSocket(socketName string) chan *Alert

Types ¶

type Alert ¶

type Alert struct {
	Name     string
	PcapData []byte
	Event    *EventStruct
}

type EventStruct ¶

type EventStruct struct {
	SigGenerator   uint32
	SigId          uint32
	SigRev         uint32
	Classification uint32
	Priority       uint32
	EventId        uint32
	EventReference uint32
	Timestamp      uint32 // unix timestamp
}

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
examples

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL