snortunsock

A Python listener to capture Snort event via the UNIX Socket output

Classifiers

Development Status: 4 - Beta
Environment: Console
Intended Audience: Developers
License: OSI Approved :: Apache Software License
Operating System: OS Independent
Programming Language: Python; Python :: 2.7
Topic: Software Development :: Libraries :: Python Modules; Utilities

Project Description

Snortunsock

A Python listener to capture Snort event via the UNIX Socket output.

Snortunsock can parse and show the alert message.

Installation

Install Snortunsock from PyPI:

$ pip install snortunsock

Usage

The basic usage

import dpkt

from snortunsock import snort_listener

for msg in snort_listener.start_recv("/tmp/snort_alert"):
    print('alertmsg: %s' % ''.join(msg.alertmsg))
    buf = msg.pkt

    # buf is a raw packet which can use dpkt library to parsing it

    # Unpack the Ethernet frame (mac src/dst, ethertype)
    eth = dpkt.ethernet.Ethernet(buf)