[Snort-users] trap to two destinations
Andrew R. Baker
andrewb at ...950...
Tue Mar 26 11:56:06 EST 2002
Richard Noonan wrote:
> I am attempting to trap to two hosts from a single snort config. I've
> defined the ruletype below:
> ruletype dsnmp
> type alert
> output trap_snmp: alert, 7, trap -v 2c -p 163 10.2.1.3 public
> output trap_snmp: alert, 7, trap -v 2c -p 162 10.2.1.4 public
> output alert_syslog: LOG_AUTH LOG_ALERT
> And what happens is whichever trap_snmp appears 2nd gets the traps.
> Whichever one appears first gets nothing. Syslog seems to work always. Is
> this in fact an unsupported config?
The SnmpTrap output plugin does not currently support multiple instances
of itself. We may be able to add this functionality in Snort 1.9.
More information about the Snort-users