[Snort-users] trap to HPOV causes failure
rnoonan at ...5308...
Thu Mar 14 15:14:02 EST 2002
I'm running snort Version 1.8.3 (Build 88) on RedHat 7.2 with all recent
updates and trying to trap to an HPOV (Network Node Mgr. Release B.06.20)
system. Test traffic is an nmap -sS -O scan of a victim on the same segment
(cisco spanned, actually). Whenever snort is set to trap to the OV host it
dies right after the scan completes. No core and the only log indication is
the kernel message that the interface has left promisc mode. If I point
snort at a host running the ucd package snmptrapd everything is fine. Traps
come through and snort keeps running. Has anyone seen this?
I configured the snort build with --with-snmp and --with-ssl. Nothing funny
in my compile. The output lines (straight from the example .conf) look like
output trap_snmp: alert, 7, trap -v 2c -p 162 10.2.1.23 public
output trap_snmp: alert, 7, inform -v 2c -p 162 10.2.1.23 public
and I'm starting it like this:
/usr/local/bin/snort -D -c /usr/local/etc/snort/snort.conf
Any config help or confirmation of a bug somewhere would be much appreciated.
More information about the Snort-users