[Snort-users] trap to two destinations
rnoonan at ...5308...
Mon Mar 25 14:01:48 EST 2002
I am attempting to trap to two hosts from a single snort config. I've
defined the ruletype below:
output trap_snmp: alert, 7, trap -v 2c -p 163 10.2.1.3 public
output trap_snmp: alert, 7, trap -v 2c -p 162 10.2.1.4 public
output alert_syslog: LOG_AUTH LOG_ALERT
And what happens is whichever trap_snmp appears 2nd gets the traps.
Whichever one appears first gets nothing. Syslog seems to work always. Is
this in fact an unsupported config?
More information about the Snort-users