Skip to main content

A Python listener to capture Snort event via the UNIX Socket output

Project description

Snortunsock

A Python listener to capture Snort event via the UNIX Socket output.

Snortunsock can parse and show the alert message.

Installation

Install Snortunsock from PyPI:

$ pip install snortunsock

Usage

The basic usage

import dpkt

from snortunsock import snort_listener

for msg in snort_listener.start_recv("/tmp/snort_alert"):
    print('alertmsg: %s' % ''.join(msg.alertmsg))
    buf = msg.pkt

    # buf is a raw packet which can use dpkt library to parsing it

    # Unpack the Ethernet frame (mac src/dst, ethertype)
    eth = dpkt.ethernet.Ethernet(buf)

The complicated examples are in the examples folder

LICENSE

Apache License, Version 2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

snortunsock-0.0.5.tar.gz (7.8 kB view details)

Uploaded Source

File details

Details for the file snortunsock-0.0.5.tar.gz.

File metadata

  • Download URL: snortunsock-0.0.5.tar.gz
  • Upload date:
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for snortunsock-0.0.5.tar.gz
Algorithm Hash digest
SHA256 58feaaf05dee7a85eb203ebdf78860b78fdf59037de678fcd7f243fda01eabc2
MD5 2bef606169532b3c69940b0c9d1ec556
BLAKE2b-256 5628aa43b16088385cc585b901eb96322d962e88487a9214890f289925776425

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page