[Snort-users] Snort SNMP Variables are not consistent?

Martin Roesch roesch at ...1935...
Fri Mar 15 16:10:01 EST 2002


Geez man, give us a chance!  I don't normally run SNMP alerting and I have
to setup a test environment here to check it out, gimme a little time and
I'll get on it.

    -Marty

On 3/15/02 4:18 PM, "Vjay LaRosa" <vjayl at ...3331...> wrote:

> O.Kay,
> 
> I give up. I guess nobody else that sends SNMP traps with snort has
> noticed this. If any one knows why it is doing
> this I would appreciate it. Or at least if someone else sees the same
> thing let me know.
> 
> vjl
> 
> 
> 
> Vjay LaRosa wrote:
> 
>> Hello,
>> 
>> Is any one else using snort 1.8.4 Beta-4 to send SNMP traps? I have
>> snort configured to trap to our Netcool
>> Omnibus server.
>> 
>> Originally snort 1.8.4 Beta-1 was sending the following information in
>> these variables.
>> 
>> $8      Src IP
>> $10    Dst IP
>> $11    Src Port
>> $12    Dst Port
>> 
>> But now that I upgraded I noticed that some alerts use this as their
>> variable mappings,
>> 
>> $7      Src IP
>> $9      Dst IP
>> $10    Src Port
>> $11    Dst Port
>> 
>> but some alerts are still sent using the old format. What's up with
>> this? Am I crazy or is something not right?
>> 
>> vjl
>> 
>> --
>>  V.Jay LaRosa                           EMC Corporation
>>  Systems Administrator                  171 South Street
>>  (508)435-1000 ext 14957                Hopkinton, MA 01748
>>  (508)497-8082 fax                      www.emc.com
>> 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> --
> V.Jay LaRosa                           EMC Corporation
> Systems Administrator                  171 South Street
> (508)435-1000 ext 14957                Hopkinton, MA 01748
> (508)497-8082 fax                      www.emc.com
> 
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 

-- 
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-users mailing list