Jamie Saker
I think I'm overlooking something assumed in socket's makefile method.
Googling several hours and digging thru the python reference didn't help - I
think I'm overlooking an assumption between Python and UNIX socket objects
neither is explicitly discussing. I think my mknod
In the makefile operation on socket (pydoc socket.socket.makefile... using
AF_UNIX, allowing you to create a file object to correspond to a socket) I've
got a sample program (goal: open up unix file socket object for snort's
alert_unixsock output mode to dump to. later, take data written into file
object and process) as follows:
#######################################3
#!/usr/bin/python
## socketfile.py
## for socket file object to collect snort data via alert_unixsock output
"""makes file interface to socket. demo application takes data written to file
and prints it."""
from socket import *
import os
FILE = 'snort_alert'
#FILE = '/dev/log'
if not os.path.exists(FILE):
    print "Creating file..."
    os.mknod(FILE)
s = socket(AF_UNIX, SOCK_DGRAM)
# SOCK_DGRAM for UDP compatibility with /dev/log - errors
# on SOCK_STREAM reference for /dev/log
s.connect(FILE)
f = s.makefile('rw')
while 1:
    print "Data: %s" % f.readline(1024)
    f.flush()
#######################################3
If I guess correctly, socket.makefile might be wanting to use a block or
character file, which I may not be setting up properly. pydoc on os.mknod
refers to os.makedev which is even sparser on explanation. Part of the reason
for my guess is that:
- permissions on my snort_alert file don't look right:
-rw------- 1 sysadmin users 0 Dec 10 02:58 snort_alert
compared to:
srw-rw-rw- 1 root root 0 Dec 10 01:14 /dev/log=
And when I use /dev/log instead (which exists), it connects to the file object
and runs (though snort does not want to dump to /dev/log and the limitations
of the alert_unixsock output method limit it to /var/log/snort/snort_alert
only). Any thoughts from the socket savvy would be *greatly* appreciated!
Jamie
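
Added example, not part of the original post: a Python 3 sketch of the receiving side of an AF_UNIX datagram socket, showing that bind() creates the "s"-type inode seen on /dev/log while a placeholder file made in advance is a regular file that connect() rejects. The helper names, the temporary directory and the payload bytes are constructed for illustration; the local sender stands in for the alert_unixsock writer.

```python
import os
import socket
import stat
import tempfile


def file_kind(path):
    """Return the inode type, i.e. the first column of `ls -l`."""
    mode = os.stat(path).st_mode
    return "socket" if stat.S_ISSOCK(mode) else "regular" if stat.S_ISREG(mode) else "other"


def open_receiver(path):
    """Create the listening end: bind() itself creates the socket inode."""
    if os.path.lexists(path):
        os.unlink(path)  # a stale socket or regular file makes bind() fail
    rx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    rx.bind(path)
    os.chmod(path, 0o600)  # assumption: the sender runs as the same user
    rx.settimeout(2.0)
    return rx


def demo():
    workdir = tempfile.mkdtemp()
    result = {}

    # 1. A placeholder created in advance is a regular file; connect() rejects it.
    plain = os.path.join(workdir, "plain_file")
    open(plain, "x").close()  # same inode type as os.mknod(path) with default mode
    result["plain_kind"] = file_kind(plain)
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        probe.connect(plain)
        result["connect_plain_failed"] = False
    except OSError:
        result["connect_plain_failed"] = True
    finally:
        probe.close()

    # 2. bind() a datagram socket at the path the sender writes to, then recv().
    path = os.path.join(workdir, "snort_alert")
    rx = open_receiver(path)
    result["bound_kind"] = file_kind(path)
    tx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)  # stands in for the sender
    tx.sendto(b"constructed alert payload", path)
    result["received"] = rx.recv(65535)  # one datagram per recv(); no makefile()
    tx.close()
    rx.close()
    return result
```

Calling demo() returns the inode types and the received datagram; the receiver reads whole datagrams with recv() rather than line-oriented reads through makefile().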