[Snort-users] Snmp traps v 1 ( cont ... )

Marcelo Correa correa at ...4128...
Fri Feb 22 06:04:02 EST 2002


Sandro,

Thanks for the help!
I installed swatch and snort-1.8.3 on my Solaris 2.6 machine. Our management
software console is Tivoli TME10 and it only understands the SNMP v1 trap format.
It is a commercial product, expensive, and only understands the SNMP v1 trap format.

The way snort logs things in /var/log/snort makes it difficult to work with swatch.
I need to log only identified and critical alerts to only one place (alert.log)
and, with swatch, send the SNMP v1 trap.
I am using sneeze.pl to generate alerts.
Do you know a program I can use to send SNMP v1 traps?
How can I log things in an easy way to identify the attacks (something like
sneeze output) in one place (not directories, only a file with the alerts)?
Can I get all the variables snort uses with its SNMP v2 trap format?


Thanks in advance,

Marcelo

"Poppi, Sandro" wrote:

> Marcelo,
>
> as far as the snmp output processor is concerned there's only snmp v2c
> support.
>
> It may be possible to do a trick (just guessing, never done it, so don't
> blame me!): Let snort log to syslog, use swatch to capture snort alerts and
> send the trap with snmptrap -v 1 using the OIDs shipped with snort (take a
> look into the MIBS directory of snort).
>
> HTH,
> Sandro
> >
> >
> > Dear List,
> >
> > How can I make snort work with snmp traps v 1 ?
> >
> > Thanks,
> >
> > Marcelo
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >

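The pipeline suggested in the quoted reply (Snort to syslog, swatch to pick out alerts, snmptrap -v 1 to notify the console) needs a small glue step between the matched log line and the trap. The following is an added example, not code from this thread or from the Snort project. It assumes Net-SNMP's snmptrap argument order and a "[Priority: N]" tag in the syslog line; the manager host, community string, specific-trap number and both OID names are placeholders to be replaced with values from Snort's MIBS directory.

```shell
#!/bin/sh
# Added example (not from the thread): Snort syslog alert line -> SNMPv1 trap.
# Placeholders/assumptions: manager host, community, both OIDs (take the real
# ones from Snort's MIBS directory), specific-trap number, priority cut-off.
SNMPTRAP="${SNMPTRAP:-snmptrap}"
MANAGER="${MANAGER:-tivoli.example.com}"
COMMUNITY="${COMMUNITY:-public}"
ENTERPRISE="${ENTERPRISE:-ENTERPRISE_OID_FROM_SNORT_MIBS}"
MSG_OID="${MSG_OID:-ALERT_MSG_OID_FROM_SNORT_MIBS}"
MAX_PRIORITY="${MAX_PRIORITY:-1}"   # Snort priority 1 is the most severe

# Constructed sample line (assumed syslog alert layout, documentation addresses).
SAMPLE='Feb 22 06:04:02 sensor snort: [1:1000001:1] EXAMPLE constructed alert [Classification: Constructed Sample] [Priority: 1]: {TCP} 192.0.2.10:1234 -> 192.0.2.20:80'

# Print the N from "[Priority: N]"; prints nothing if the tag is absent.
alert_priority() {
    printf '%s\n' "$1" | sed -n 's/.*\[Priority: \([0-9][0-9]*\)\].*/\1/p'
}

# Print the alert text that follows the "snort:" or "snort[pid]:" syslog tag.
alert_text() {
    printf '%s\n' "$1" | sed -n 's/^.* snort[^:]*: //p'
}

# Send one v1 trap for a sufficiently severe alert line.
# Returns 1 without sending for non-Snort lines and lower-severity alerts.
send_trap() {
    prio=$(alert_priority "$1")
    text=$(alert_text "$1")
    [ -n "$prio" ] && [ -n "$text" ] || return 1
    [ "$prio" -le "$MAX_PRIORITY" ] || return 1
    # v1 order: enterprise, agent, generic, specific, uptime, then varbinds.
    # Empty agent/uptime let snmptrap fill in the local address and sysUpTime;
    # generic 6 means enterpriseSpecific. The alert text is passed as a single
    # quoted argument and never through eval, so its content cannot alter the
    # command.
    "$SNMPTRAP" -v 1 -c "$COMMUNITY" "$MANAGER" "$ENTERPRISE" '' 6 1 '' \
        "$MSG_OID" s "$text"
}

# Usage: call send_trap once per matched line, e.g.  send_trap "$SAMPLE"
```

Raising MAX_PRIORITY forwards less severe alerts as well; lines without a Snort tag or a priority are ignored.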



