[Snort-users] snort is not sending traps

twig les twigles at ...131...
Thu Jan 9 14:33:03 EST 2003


I'm in the middle of pounding through an SNMP config
of snort for my work, and while I'm in no position to
tell you how to do everything correctly, I can say
that tcpdump in the middle has helped tremendously. 
It seems that when I fix one thing I accidentally
break something else so at least I know when
*something* is going to my test nms.

BTW did anyone else notice that the documented syntax
for the SNMP setup in snort.conf is wrong?  The -p
option gives an error and I saw no mention of a -c. 
Either this slipped thru the cracks or my New Year's
eve in Amsterdam is still muddying my thinking. :-)

--- Christian Bock <Christian.Bock at ...7952...>
wrote:
> 
> the line in my config looks like
> 
> output trap_snmp: alert, 1, c, trap -v 2c -c public
> my.snmptrapd
> 
> I configured snort with 
> 
> ./ configure --with-mysql=... --with-ssl
> --with-snmp=...
> 
> ( using netSnmp 5.0.7.pre2 )
> 
> when starting snort no errors occure
> 
> alerts are produced ( e.g. portscanning )
> 
> where to start invesigating?
> are there some secrets I don't know?
> 
> chris
> 
> 
> 
>
-------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld =
> Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




More information about the Snort-users mailing list