[Snort-users] trap to two destinations

Andrew R. Baker andrewb at ...950...
Tue Mar 26 11:56:06 EST 2002


Richard Noonan wrote:
> I am attempting to trap to two hosts from a single snort config.  I've 
> defined the ruletype below:
> 
> ruletype dsnmp
> {
> type alert
> output trap_snmp: alert, 7, trap -v 2c -p 163  10.2.1.3 public
> output trap_snmp: alert, 7, trap -v 2c -p 162  10.2.1.4 public
> output alert_syslog: LOG_AUTH LOG_ALERT
> }
> 
> And what happens is whichever trap_snmp appears 2nd gets the traps.  
> Whichever one appears first gets nothing.  Syslog seems to work always.  Is 
> this in fact an unsupported config?

The SnmpTrap output plugin does not currently support multiple instances 
of itself.  We may be able to add this functionality in Snort 1.9.

-A






More information about the Snort-users mailing list