A Python listener to capture Snort event via the UNIX Socket output
Project description
Snortunsock
A Python listener to capture Snort event via the UNIX Socket output.
Snortunsock can parse and show the alert message.
Installation
Install Snortunsock from PyPI:
$ pip install snortunsock
Usage
The basic usage
import dpkt
from snortunsock import snort_listener
for msg in snort_listener.start_recv("/tmp/snort_alert"):
print('alertmsg: %s' % ''.join(msg.alertmsg))
buf = msg.pkt
# buf is a raw packet which can use dpkt library to parsing it
# Unpack the Ethernet frame (mac src/dst, ethertype)
eth = dpkt.ethernet.Ethernet(buf)The complicated examples are in the examples folder
LICENSE
Apache License, Version 2.0
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
snortunsock-0.0.5.tar.gz
(7.8 kB
view details)
File details
Details for the file snortunsock-0.0.5.tar.gz.
File metadata
- Download URL: snortunsock-0.0.5.tar.gz
- Upload date:
- Size: 7.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
58feaaf05dee7a85eb203ebdf78860b78fdf59037de678fcd7f243fda01eabc2
|
|
| MD5 |
2bef606169532b3c69940b0c9d1ec556
|
|
| BLAKE2b-256 |
5628aa43b16088385cc585b901eb96322d962e88487a9214890f289925776425
|
