[Snort-users] snort is not sending traps

Metz, Tim TMetz at ...4410...
Fri Jan 10 05:10:03 EST 2003


Twig,

yep... I've noticed and it seems no matter how I set up the output plugin I
get the error "no community string" or similar. Could you post your snmp
line (naturally without ip and community)?

Thanks,

Tim 

-----Original Message-----
From: twig les [mailto:twigles at ...131...]
Sent: Thursday, January 09, 2003 5:32 PM
To: Christian Bock; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort is not sending traps


I'm in the middle of pounding through an SNMP config
of snort for my work, and while I'm in no position to
tell you how to do everything correctly, I can say
that tcpdump in the middle has helped tremendously. 
It seems that when I fix one thing I accidentally
break something else so at least I know when
*something* is going to my test nms.

BTW did anyone else notice that the documented syntax
for the SNMP setup in snort.conf is wrong?  The -p
option gives an error and I saw no mention of a -c. 
Either this slipped thru the cracks or my New Year's
eve in Amsterdam is still muddying my thinking. :-)

--- Christian Bock <Christian.Bock at ...7952...> wrote:
> 
> the line in my config looks like
> 
> output trap_snmp: alert, 1, c, trap -v 2c -c public my.snmptrapd
> 
> I configured snort with 
> 
> ./configure --with-mysql=... --with-ssl --with-snmp=...
> 
> ( using netSnmp 5.0.7.pre2 )
> 
> when starting snort no errors occur
> 
> alerts are produced ( e.g. portscanning )
> 
> where to start investigating?
> are there some secrets I don't know?
> 
> chris


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself

-----------------------------------------------------------
