Skip to content
/ snortunsock Public

A Python listener to capture Snort event via the UNIX Socket output.

License

Apache-2.0 license
15 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

John-Lin/snortunsock

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
examples
examples
 
 
snortunsock
snortunsock
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
README.rst
README.rst
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

Snortunsock

A Python listener to capture Snort event via the UNIX Socket output.

Snortunsock can parse and show the alert message.

Installation

Install Snortunsock from PyPI:

$ pip install snortunsock

Usage

The basic usage

import dpkt

from snortunsock import snort_listener

for msg in snort_listener.start_recv("/tmp/snort_alert"):
    print('alertmsg: %s' % ''.join(msg.alertmsg))
    buf = msg.pkt

    # buf is a raw packet which can use dpkt library to parsing it

    # Unpack the Ethernet frame (mac src/dst, ethertype)
    eth = dpkt.ethernet.Ethernet(buf)

The complicated examples are in the examples folder

Related

  • See dpkt which is a fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols.

LICENSE

Apache License, Version 2.0

About

A Python listener to capture Snort event via the UNIX Socket output.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

15 stars

Watchers

3 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages