[Snort-devel] Further info on traps from Snort (mib bug)
Robert D. Hughes
rob at ...825...
Thu Oct 4 05:44:01 EDT 2001
First, a big thanks to Chris and Glenn for helping my understand how to
get this working.
So, now I have traps coming into NNM, but I noticed that they weren't
following the formatting I'd done for them. When I highlighted an event
and told the alarm browser to configure the event, I got an error
stating that it didn't exist. After a bit of poking I realized that the
trap that's coming in has the number .22.214.171.124.4.1.10126.96.36.199 but the
enterprise for snortIDSAlertMIB had been added with an enterprise number
of .188.8.131.52.4.1.10234.2.1. This was confusing NNM. I went into
trapd.conf and edited the enterprise number to match that coming in with
the traps and now everything works exactly as expected and I have alarms
coming into my central console, along with the rest of my network
element events. Now to see what I can do with some ECS pair-wise
I see a lot of things I really like in snort, and now I'm just sorry I
didn't start using it sooner. Thanks to all for a really great piece of
industrial quality software.
Enterprise Management Specialist
Voice (H) (972) 918-0980
Voice (W) (972) 378-3277 ext. 204
Voice (C) (214) 282-7996
Email rob at ...825..., rob.hughes at ...826...
"Great spirits have always encountered violent opposition from mediocre
minds." -- Albert Einstein
More information about the Snort-devel