[Snort-users] trap to HPOV causes failure

Rob Hughes rob at ...1932...
Fri Mar 15 18:26:04 EST 2002


Pick trap or inform, not both. I run snort to an OV box running on
Solaris and don't have any issues, but I only use informs, not traps and
informs. If it still dies, let me know and I'll beat on it some and see
if I can beat Marty for once ;)

Rob

On Thu, 2002-03-14 at 17:13, Richard Noonan wrote:
> I'm running snort Version 1.8.3 (Build 88) on RedHat 7.2 with all recent 
> updates and trying to trap to an HPOV (Network Node Mgr. Release B.06.20) 
> system.  Test traffic is an nmap -sS -O scan of a victim on the same segment 
> (cisco spanned, actually).  Whenever snort is set to trap to the OV host it 
> dies right after the scan completes.  No core and the only log indication is 
> the kernel message that the interface has left promisc mode.  If I point 
> snort at a host running the ucd package snmptrapd everything is fine.  Traps 
> come through and snort keeps running.  Has anyone seen this?  
> 
> I configured the snort build with --with-snmp and --with-ssl.  Nothing funny 
> in my compile.  The output lines (straight from the example .conf) look like 
> this:
> 
> output trap_snmp: alert, 7, trap -v 2c -p 162  10.2.1.23 public
> output trap_snmp: alert, 7, inform -v 2c -p 162  10.2.1.23 public
> 
> and I'm starting it like this:
> 
> /usr/local/bin/snort -D -c /usr/local/etc/snort/snort.conf
> 
> Any config help or confirmation of a bug somewhere would be much appreciated.
> 
> Thanks-
> Rich
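
The configuration discussed in this thread, as an added example that is not part of the original messages: a small Python check that reads snort.conf text and reports any SNMP manager targeted by both a `trap` and an `inform` `output trap_snmp` line. The field layout is taken from the two lines quoted above; the function names, the sample text, and the default port of 162 when `-p` is absent are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two output lines quoted in the thread.
SAMPLE_CONF = """\
# alert output section (constructed sample)
output trap_snmp: alert, 7, trap -v 2c -p 162  10.2.1.23 public
output trap_snmp: alert, 7, inform -v 2c -p 162  10.2.1.23 public
"""

LINE_RE = re.compile(r"^\s*output\s+trap_snmp\s*:\s*(.+)$")


def parse_trap_snmp(conf_text):
    """Yield (lineno, mode, port, host) for each active trap_snmp line."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        match = LINE_RE.match(raw.split("#", 1)[0])  # ignore comments
        if not match:
            continue
        fields = [f.strip() for f in match.group(1).split(",", 2)]
        tokens = fields[2].split() if len(fields) == 3 else []
        if not tokens or tokens[0] not in ("trap", "inform"):
            continue
        mode, rest = tokens[0], tokens[1:]
        port, positional, i = "162", [], 0  # assumed default port
        while i < len(rest):
            # Only the options shown in the thread (-v, -p) are handled.
            if rest[i] in ("-v", "-p") and i + 1 < len(rest):
                if rest[i] == "-p":
                    port = rest[i + 1]
                i += 2
            else:
                positional.append(rest[i])
                i += 1
        if positional:
            yield lineno, mode, port, positional[0]  # host precedes community


def find_conflicts(conf_text):
    """Return {(host, port): [(lineno, mode), ...]} for managers given both modes."""
    seen = defaultdict(list)
    for lineno, mode, port, host in parse_trap_snmp(conf_text):
        seen[(host, port)].append((lineno, mode))
    return {dest: hits for dest, hits in seen.items()
            if {mode for _, mode in hits} == {"trap", "inform"}}


if __name__ == "__main__":
    for (host, port), hits in find_conflicts(SAMPLE_CONF).items():
        lines = ", ".join(f"line {n} ({m})" for n, m in hits)
        print(f"{host}:{port} receives both trap and inform: {lines}")
```
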