[Snort-users] Snmp traps v 1 ( cont ... )
correa at ...4128...
Fri Feb 22 06:04:02 EST 2002
Thanks for the help!
I installed swatch and snort-1.8.3 on my Solaris 2.6 machine. Our management
software console is Tivoli TME10 and it only understands snmp v 1 trap format.
It is a commercial product, expensive, and only understands snmp v 1 trap format.
The way snort logs things in /var/log/snort makes it difficult to work with swatch.
I need to log only identified and critical alerts to only one place (alert.log)
swatch send the snmp v 1 trap.
I am using sneeze.pl to generate alerts.
Do you know the program I can use to send snmp traps v 1 ?
How can I log things in an easy way to identify the attacks (something like
sneeze output) in one place (not directories, only a file with the alerts)?
Can I get all the variables snort uses with its snmp v 2 trap format?
Thanks in advance,
"Poppi, Sandro" wrote:
> As far as the snmp output processor is concerned there's only snmp v2c.
> It may be possible to do a trick (just guessing, never done it, so don't
> blame me!): Let snort log to syslog, use swatch to capture snort alerts and
> send the trap with snmptrap -v 1 using the OIDs shipped with snort (take a
> look into the MIBS directory of snort).
> > Dear List,
> > How can I make snort work with snmp traps v 1 ?
> > Thanks,
> > Marcelo
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
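The chain suggested in the quoted reply (Snort to syslog, swatch match, `snmptrap -v 1`) could be wired together with a small helper like the one below. It is an added example, not code from the thread or from the Snort project; the alert line layout, manager host, community string and all OID and trap numbers are assumptions or placeholders.

```shell
#!/bin/sh
# Added example: forward one Snort syslog alert as an SNMPv1 trap.
# Assumed, not from the thread: alert line layout, manager, community, and the
# PLACEHOLDER OID numbers (take the real ones from Snort's MIBS directory).
MANAGER=${MANAGER:-tme10.example.net}
COMMUNITY=${COMMUNITY:-public}
ENTERPRISE=${ENTERPRISE:-1.3.6.1.4.1.99999}   # placeholder enterprise OID
MAX_PRIORITY=${MAX_PRIORITY:-1}   # forward priority <= this (1 = most severe)
SNMPTRAP=${SNMPTRAP:-echo}        # dry run; set SNMPTRAP=snmptrap to send

# Constructed sample lines (not real log data).
SAMPLE_HI='Feb 22 06:04:02 ids1 snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 1]: {ICMP} 192.0.2.10 -> 192.0.2.20'
SAMPLE_LO='Feb 22 06:05:10 ids1 snort[412]: [1:1000:1] CONSTRUCTED low-severity rule [Classification: Misc activity] [Priority: 3]: {TCP} 192.0.2.10:1025 -> 192.0.2.20:80'

# Print N from "Priority: N]", or nothing when the line carries no priority.
alert_priority() {
    printf '%s\n' "$1" | sed -n 's/.*Priority: \([0-9]\{1,2\}\)].*/\1/p'
}

# Print the text after the "snort: " / "snort[pid]: " tag, reduced to a
# conservative character set and length before it is handed to another
# program and shown on the management console.
alert_message() {
    printf '%s\n' "${1#* snort*: }" | tr -cd 'A-Za-z0-9 .:,_>{}/-' | cut -c1-200
}

# Send (or, in dry run, print) the v1 trap; return 1 for lines that are not
# Snort alerts or that fall below the severity cut-off.
send_trap() {
    case $1 in *" snort"*": "*) ;; *) return 1 ;; esac
    prio=$(alert_priority "$1")
    [ -n "$prio" ] && [ "$prio" -le "$MAX_PRIORITY" ] || return 1
    # v1 argument order: enterprise-oid agent generic specific uptime varbinds.
    # generic 6 = enterpriseSpecific; empty agent/uptime take snmptrap defaults.
    # Specific trap 1 and varbind ".1" are placeholders as well.
    "$SNMPTRAP" -v 1 -c "$COMMUNITY" "$MANAGER" "$ENTERPRISE" "" 6 1 "" \
        "$ENTERPRISE.1" s "$(alert_message "$1")"
}

if [ $# -gt 0 ]; then
    send_trap "$*" || true        # alert line handed over as arguments
else
    for l in "$SAMPLE_HI" "$SAMPLE_LO"; do
        send_trap "$l" || echo "not forwarded: $l"
    done
fi
```

Run from a swatch `exec` action with the matched line as its argument, the helper sends one trap per alert at or above the chosen severity and ignores everything else.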