[Snort-users] SNMP alerts?
glenn at ...1097...
Fri Jan 5 23:02:23 EST 2001
Snmp Alerts ? Yes our snort output plugins do send out snmpalerts -
and secure ones too. It is no big deal. The corresponding MIB which
defines the objects that will be used in the alerts are defined in
The "sensor" MIB has used Snort as the model.
We have this MIB implemented on tiny IDSs running snort and generating
snmp-alerts [Nothing else]. The almighty managers receiving the alerts
do the work and even generate XML messages in conformance with the
present proposed IDMEF XML-DTD. [This was demonstrated at the
IETF-IDWG meeting at SanDiego. Details should be there in the minutes]
For those who want the MIB, it is already there - let me know if there are
more things that we will need in the MIB. I intend having a core MIB which
contains the essentials and several extension MIBs for Packet formats,
patterns, specific attacks ......
For those who want the code, please hold on. I need to do the packaging so
that only a few simple steps are required to build and make. It is coming
----- Original Message -----
From: "Martin Roesch" <roesch at ...421...>
To: "Dragos Ruiu" <dr at ...381...>
Cc: "Fyodor" <fygrave at ...121...>; "Jeff Dell" <jdell at ...912...>;
<snort-users at lists.sourceforge.net>
Sent: Tuesday, December 05, 2000 4:04 PM
Subject: Re: [Snort-users] SNMP alerts?
> If someone codes it up, I'll include it. Don't we have to purchase some
> of unique ID for our SNMP traffic, thought? I seem to remember something
> about that (watch as Marty reveals his astounding ignorance of all things
> SNMP...) :)
> Dragos Ruiu wrote:
> > On Mon, 04 Dec 2000, Fyodor wrote:
> > > On Mon, Dec 04, 2000 at 11:51:49AM -0500, Jeff Dell wrote:
> > > > Has anyone thought about implementing snmp alerts within Snort?
> > > > the smbalerts, but instead of a popup message, it is a snmp trap?
> > > >
> > >
> > > yup, "throught", :), want to code it? :)
> > And please save us all some security grief if you do... please
> > look at V3 before implementing, though it may look "simple", imho
> > it has some safety concerns... :-)
> > cheers,
> > --dr
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> Martin Roesch
> roesch at ...421...
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
More information about the Snort-users