[Snort-devel] [Fwd: Re: Snort-snmp for snort-2.0.0]

Glenn Mansfield Keeni glenn at ...1085...
Sun May 25 15:32:02 EDT 2003


Chris/Marty,
       The SnortSnmp module for Snort-2.0.0 is
ready. Could you please do the needful to put
this in the contrib section of the code. Please
let me know if anything will need to be done
before the code can be added to the contrib part.
       At some later date, I intend to remove the
dependency on net-snmp/ucd-snmp. I guess that
then the code will be ready for independent audit
and we can think of bringing it back to the snort
core.

       Thanks and Cheers

             Glenn


-------- Original Message --------
Subject: Re: Snort-snmp for snort-2.0.0
Date: Sun, 25 May 2003 22:26:48 +0900
From: Glenn Mansfield Keeni <glenn at ...1085...>
Organization: Cyber Solutions Inc.
To: snort-devel at lists.sourceforge.net, "tech at ...486..." <tech at ...486...>
CC: snortSnmp at ...1085...
References: <20030502175136.V72924-100000 at ...970...>

Hi Folks,
     Sincere apologies for getting this thing out.
The SnortSnmp module compatible with snort-2.0.0
is ready. I have tried it on a number of
platforms
      Solaris[ucd-snmp-4.2.*],
      FreeBSD[ucd-snmp-4.2.* and net-snmp-5.0.*]
      Linux  [net-snmp-5.0.*].
It seems to be working without problems.

The software is available from
http://www.cysol.co.jp/contrib/snortsnmp/SnortSnmp-2.0.0-01.gz

Let me know if there are problems.

Thanks and Cheers

       Glenn


PS.
Excerpts from README.SNMP

Introduction.
     The snortSnmpPlugin enables snort to send snmp alerts to network
     management systems (NMS). The alerts can be traps (the alert will
     not be acknowledged by the receiver) or informs (the alert will be
     acknowledged by the receiver).
     This adds significant power to the NMS by allowing it to monitor the
     security of the network. It also allows the snort sensor to exploit
     the features that are built into existing network management systems.

Requirements:
     The plugin requires the net-snmp (or ucd-snmp) libraries and header files.

     You will need to download and install the net-snmp (ucd-snmp)
     package before you try to install this plugin. The package can be
     downloaded from http://net-snmp.sourceforge.net/

     You will need the latest snort source distribution.

Activation Steps:

      NOTE: That the MIB files in the etc directory
            etc/SnortCommonMIB.txt
            etc/SnortIDAlertMIB.txt

        need to be referred to by snmp applications.

            [Otherwise the OID-to-name translation will not take place]
            refer to the snmpcmd manpages [do 'man snmpcmd'] for further details.


   0. Build the Snmp enabled snort package.
      Download the SnortSnmpModule.
      Uncompress and untar - it will contain
            README.SNMP                    -- This file
            SnortSnmpPatch-<Version>.gz.   -- Patch to build the Snmp enabled snort

      In the Snort home directory  (this is where snort is gunzipped and untarred)
      apply the patch SnortSnmpPatch e.g.

            zcat SnortSnmpPatch-2.0-01.gz | patch -c

      This will update the following files
            configure.in
            Makefile.am
            src/plugbase.c
            etc/snort.conf
      It will create the following files
            doc/README.SNMP
            etc/SnortCommonMIB.txt
            etc/SnortIDAlertMIB.txt
            src/output-plugins/spo_SnmpTrap.c
            src/output-plugins/spo_SnmpTrap.h

   1. Follow the usual steps to build the package

            ./configure --with-snmp --with-openssl
            make
            su
            make install

....
....
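
One way to check, before the `patch` command in step 0, that a patch touches only the files the README excerpt lists (an added example, not part of the original message or the SnortSnmp distribution). It assumes a context diff with tab-separated timestamps and paths relative to the Snort home directory; `patch_targets`, `audit_patch` and `sample_patch` are hypothetical helper names, and the sample diff is constructed.

```shell
#!/bin/sh
# Files the README excerpt says the patch updates or creates.
EXPECTED='configure.in
Makefile.am
src/plugbase.c
etc/snort.conf
doc/README.SNMP
etc/SnortCommonMIB.txt
etc/SnortIDAlertMIB.txt
src/output-plugins/spo_SnmpTrap.c
src/output-plugins/spo_SnmpTrap.h'

# Print each target path of a context diff read from stdin, once.
# A file header is "*** old<TAB>date" then "--- new<TAB>date"; hunk range
# lines ("*** 1,2 ****") end in asterisks and are skipped.
patch_targets() {
    awk '
        /^\*\*\* / && !/\*\*\*\*$/ { hdr = 1; next }
        hdr && /^--- / { sub(/^--- /, ""); sub(/\t.*$/, ""); if (!seen[$0]++) print }
        { hdr = 0 }
    '
}

# Succeed only if every target is a relative path without ".." that is on
# the EXPECTED list; report each path that is not.
audit_patch() {
    patch_targets | {
        bad=0
        while IFS= read -r t; do
            case "$t" in
                /*|..|../*|*/..|*/../*) echo "UNSAFE PATH: $t"; bad=1; continue ;;
            esac
            printf '%s\n' "$EXPECTED" | grep -Fxq -- "$t" ||
                { echo "UNEXPECTED: $t"; bad=1; }
        done
        [ "$bad" -eq 0 ]
    }
}

# Constructed sample diff (not taken from the real patch): $1 is the target path.
sample_patch() {
    printf '%b\n' "*** $1.orig\t2003-05-01" "--- $1\t2003-05-25" \
        '***************' '*** 1,2 ****' '--- 1,3 ----' '  line one' \
        '+ added line' '  line two'
}

sample_patch src/plugbase.c | audit_patch && echo "only documented files touched"
sample_patch ../outside.c | audit_patch || echo "patch rejected"
```

Against the real download, the same check would be `zcat SnortSnmpPatch-2.0-01.gz | audit_patch`, run from the Snort home directory before piping the file to `patch -c`.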








