[Snort-users] trap to two destinations

Andrew R. Baker andrewb at ...950...
Tue Mar 26 11:56:06 EST 2002

Richard Noonan wrote:
> I am attempting to trap to two hosts from a single snort config.  I've 
> defined the ruletype below:
> ruletype dsnmp
> {
> type alert
> output trap_snmp: alert, 7, trap -v 2c -p 163 public
> output trap_snmp: alert, 7, trap -v 2c -p 162 public
> output alert_syslog: LOG_AUTH LOG_ALERT
> }
> And what happens is whichever trap_snmp appears 2nd gets the traps.  
> Whichever one appears first gets nothing.  Syslog seems to work always.  Is 
> this in fact an unsupported config?

The SnmpTrap output plugin does not currently support multiple instances 
of itself.  We may be able to add this functionality in Snort 1.9.


More information about the Snort-users mailing list