[Snort-devel] Further info on traps from Snort (mib bug)

Robert D. Hughes rob at ...825...
Thu Oct 4 05:44:01 EDT 2001


First, a big thanks to Chris and Glenn for helping my understand how to
get this working.

So, now I have traps coming into NNM, but I noticed that they weren't
following the formatting I'd done for them. When I highlighted an event
and told the alarm browser to configure the event, I got an error
stating that it didn't exist. After a bit of poking I realized that the
trap that's coming in has the number .1.3.6.1.4.1.10234.2.1.3 but the
enterprise for snortIDSAlertMIB had been added with an enterprise number
of .1.3.6.1.4.1.10234.2.1. This was confusing NNM. I went into
trapd.conf and edited the enterprise number to match that coming in with
the traps and now everything works exactly as expected and I have alarms
coming into my central console, along with the rest of my network
element events. Now to see what I can do with some ECS pair-wise
circuits ;)

I see a lot of things I really like in snort, and now I'm just sorry I
didn't start using it sooner. Thanks to all for a really great piece of
industrial quality software.

Rob Hughes 
Enterprise Management Specialist 
Voice (H) (972) 918-0980 
Voice (W) (972) 378-3277 ext. 204
Voice (C) (214) 282-7996 
Email rob at ...825..., rob.hughes at ...826... 
___________________________________________

"Great spirits have always encountered violent opposition from mediocre
minds." -- Albert Einstein 





More information about the Snort-devel mailing list