[Snort-users] AW: Snmp traps v 1 ( cont ... )

Poppi, Sandro Sandro.Poppi at ...3316...
Fri Feb 22 06:28:04 EST 2002


Marcelo,
> 
> Sandro,
> 
> Thanks for the help !

Anytime!

[snip]
> Do you know the program I can use to send snmp traps v 1 ?

On our Solaris 8 (Sparc) I found /usr/sbin/snmp_trapsend which seems to be
what you need. I've never tested it and am not a Solaris guru so you'll have
to try yourself ;)

> How can I log things in an easy way to identify the attacks (something
> like sneeze output) in one place (not directories, only a file with the
> alerts)?

I use the output alert_syslog option in snort.conf to log to syslog. If you
would prefer a single file for snort alerts you might use
output alert_syslog: LOG_LOCAL0 LOG_ALERT LOG_PID

and edit /etc/syslog.conf and add something like
local0.*	<put-in-your-path-and-filename-here>

Ahm, I tested this with Linux, should be similar with Solaris.

Then use swatch to send the trap.

HTH,
Sandro
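
Added example (not part of the original message): a small Python parser for the single alert file that the `local0.*` syslog setup above produces, giving a per-source summary of what fired. The alert line layout, the function names, and all hosts, addresses, SIDs and messages in the sample are assumptions or constructed data.

```python
import re
from collections import Counter

# Assumed line layout for alert_syslog with LOG_PID (not taken from the post):
# Mon DD HH:MM:SS host snort[pid]: [gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssnort\[\d+\]:\s"
    r"\[\d+:(?P<sid>\d+):\d+\]\s(?P<msg>.*?)\s"
    r"(?:\[Classification:\s(?P<cls>[^\]]+)\]\s)?"
    r"\[Priority:\s(?P<prio>\d+)\]:?\s"
    r"\{(?P<proto>\w+)\}\s(?P<src>\S+)\s->\s(?P<dst>\S+)$"
)

# Constructed sample of the single local0 file; hosts, SIDs and messages are made up.
SAMPLE_LOG = """\
Feb 22 06:28:04 ids1 snort[412]: [1:1000001:1] LOCAL ICMP sweep probe [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 198.51.100.5
Feb 22 06:28:09 ids1 sshd[988]: Accepted password for admin from 192.0.2.44 port 4022
Feb 22 06:29:15 ids1 snort[412]: [1:1000002:2] LOCAL HTTP suspicious request [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:3312 -> 198.51.100.5:80
Feb 22 06:29:40 ids1 snort[412]: [1:1000001:1] LOCAL ICMP sweep probe [Priority: 2]: {ICMP} 192.0.2.77 -> 198.51.100.5
Feb 22 06:30:02 ids1 snort[412]: [1:1000001:1] LOCAL ICMP sweep probe [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 198.51.100.5
"""


def parse_alerts(text):
    """Return one dict per Snort alert line; lines from other daemons are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            # TCP/UDP endpoints are logged as ip:port; keep the IPv4 address only.
            alert["src_ip"] = alert["src"].split(":")[0]
            alerts.append(alert)
    return alerts


def summarize(alerts, max_prio=2):
    """Count alerts per (source address, message) with priority <= max_prio."""
    counts = Counter(
        (a["src_ip"], a["msg"]) for a in alerts if a["prio"] <= max_prio
    )
    return counts.most_common()


if __name__ == "__main__":
    for (src, msg), n in summarize(parse_alerts(SAMPLE_LOG)):
        print(f"{n:3d}  {src:15s}  {msg}")
```

If other daemons also log to local0, their lines are ignored because the pattern requires the `snort[pid]:` tag that LOG_PID adds.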



