[Snort-users] Cert Advisory and now no SNMP traps.

Chris Green cmg at ...1935...
Mon Apr 21 06:19:16 EDT 2003


"larosa, vjay" <larosa_vjay at ...3331...> writes:

> Well I have to say this sucks. Now those of us that rely on SNMP traps
> are forced to upgrade to snort 2.0 and will lose our NMS
> integrations.

SNMPTrap was removed because it was easier to throw away
functionality than to verify it's string handling operations. I don't
know of an exact vulnerability

You have 2 choices:

1) Merge in snmptrap from 1.9 ( pretty easy task ) This is entirely
   unsupported.
2) Switch to a different output mechanism like syslog.
>
> Anyway, I am going to write a program to select events of interest from
> A Mysql database and will send SNMP traps to the NMS on behalf of snort.

If you are going to do this, I'd recommend you instead write a plugin
for barnyard.
-- 
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx




More information about the Snort-users mailing list