[Snort-users] Snort-1.8.7 + snmp support
cmg at ...1935...
Fri Jul 26 11:48:06 EDT 2002
"Schlottmann, Philipp, HO" <Philipp.Schlottmann at ...6359...> writes:
> I configured snort with mysql database output and snmp trap sending support.
> I only once force an event being triggered by using "nmap -sS someIP" and
> snort does produce an enormous neverending amount of SNMP traps (UDP). I
> checked it with tcpdump and grep'ed the community string. The SNMP traps
> themselves being again recognized by snort cause kind of an endless loop! My
> ACID console with underlying mysql snort db gets performance problems and so
> How comes that snort produces SNMP traps all the time just because of one
> triggered signature...and it never ends up with that?
Basically, its a problem of not using an out of band management
add this to your snort command line
not \( src 192.168.1.1 and udp and dst port 162 \)
where 192.168.1.1 is the IP address of your sensor
> How can I fix this? Is there a way to tell snort not to recognize the snmp
> traps it produced itself or to produce less traps or at least end up within
> some time?
> Thanx a lot!
> Philipp Schlottmann
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Chris Green <cmg at ...1935...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
More information about the Snort-users