The sockunix module reads raw packets from a Unix UDP socket (AF_UNIX, SOCK_DGRAM).
The sockunix module is an input module, meaning that its purpose is to read data from some sources and convert it to Orchids events. The sources should be declared in the orchids-inputs.conf file. Admissible sources are UDP (SOCK_DGRAM) local connections (AF_UNIX).
The sockunix module reads from these sources and produces Orchids events, one per UDP packet. The contents of each packet will then be found in the .sockunix.msg field of the event.
Configuration options
None.
(The sockunix module in fact understands the special INPUT directive. It takes a socket name as argument, and connects to that socket. This should not be used inside the sockunix module configuration file. Instead, input should be specified in the orchids-inputs.conf file.)
Fields
The last field is .sockunix.msg, available for further dissection; the dissection key is .sockunix.socket, which is the name of the local Unix socket.
Field | Type | Mono? | Description |
---|---|---|---|
.sockunix.event | int | ✓ | event number |
.sockunix.time | timeval | ✓ | reception time |
.sockunix.socket | str | | Unix socket name |
.sockunix.msg | bstr | | message |
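
The following added example (not Orchids code) models the behaviour described above: each datagram received on an AF_UNIX, SOCK_DGRAM socket becomes exactly one event, with the packet bytes kept verbatim in .sockunix.msg. It assumes the reading side binds the socket path, that event numbers start at 0, and that a float timestamp stands in for the timeval; the helper names and sample packets are constructed for illustration.

```python
import os
import socket
import tempfile
import time

def open_input(path):
    """Bind a datagram socket at `path` (assumption: the reader owns the socket file)."""
    if os.path.exists(path):
        os.unlink(path)  # remove a stale socket file left by an earlier run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    srv.bind(path)
    srv.settimeout(2.0)  # fail fast instead of blocking forever if nothing arrives
    return srv

def read_events(srv, path, count, first_event=0):
    """Receive `count` datagrams and build one event dict per datagram."""
    events = []
    for n in range(first_event, first_event + count):
        data = srv.recv(65536)  # one recv() returns exactly one datagram
        events.append({
            ".sockunix.event": n,            # int, event number (start value assumed)
            ".sockunix.time": time.time(),   # reception time (float stand-in for timeval)
            ".sockunix.socket": path,        # str, name of the local Unix socket
            ".sockunix.msg": data,           # bstr, raw packet bytes, not decoded
        })
    return events

def demo():
    # Constructed sample packets: embedded newline and NUL bytes must survive intact.
    samples = [b"first line\nsecond line", b"bin\x00ary", b"short"]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.sock")
        srv = open_input(path)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        try:
            for s in samples:
                cli.sendto(s, path)
            return path, samples, read_events(srv, path, len(samples))
        finally:
            cli.close()
            srv.close()

if __name__ == "__main__":
    for ev in demo()[2]:
        print(ev)
```

Because datagram boundaries are preserved, a packet containing a newline still yields a single event, and any line splitting is left to whatever dissects .sockunix.msg afterwards.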