[Snort-users] trap to HPOV causes failure

Richard Noonan rnoonan at ...5308...
Thu Mar 14 15:14:02 EST 2002


I'm running snort Version 1.8.3 (Build 88) on RedHat 7.2 with all recent 
updates and trying to trap to an HPOV (Network Node Mgr. Release B.06.20) 
system.  Test traffic is an nmap -sS -O scan of a victim on the same segment 
(cisco spanned, actually).  Whenever snort is set to trap to the OV host it 
dies right after the scan completes.  No core and the only log indication is 
the kernel message that the interface has left promisc mode.  If I point 
snort at a host running the ucd package snmptrapd everything is fine.  Traps 
come through and snort keeps running.  Has anyone seen this?  

I configured the snort build with --with-snmp and --with-ssl.  Nothing funny 
in my compile.  The output lines (straight from the example .conf) look like 
this:

output trap_snmp: alert, 7, trap -v 2c -p 162  10.2.1.23 public
output trap_snmp: alert, 7, inform -v 2c -p 162  10.2.1.23 public

and I'm starting it like this:

/usr/local/bin/snort -D -c /usr/local/etc/snort/snort.conf

Any config help or confirmation of a bug somewhere would be much appreciated.

Thanks-
Rich




More information about the Snort-users mailing list