[Snort-users] snmp traps going to 161, snmp plugin syntax?

twig les twigles at ...131...
Tue Jan 14 15:51:03 EST 2003


Hey *, having a bit of a pain in me gulliver here with
snort 1.90 (build 209) and net-snmp 5.06.  I have two
boxes, both running FreeBSD 4.7 Release, one is
running "snmptrapd -Os -P" to listen for traps, which
works fine since I see link up/down traps from my
switch all the time.  The other is running snort with
this in the snort.conf:

output trap_snmp: alert, 7, trap -v 2c -c myCommunity nms

Now snort starts fine like this, but the traps never
show up at the nms box.  I tossed in a sniffer to see
what was happening and saw this when I wrote a quick
ICMP rule and triggered it:

# tcpdump -ln host 192.168.1.4 and host 192.168.1.10
tcpdump: listening on ep0
15:29:19.753301 192.168.1.4.4978 > 192.168.1.10.161: C=myCommunity V2Trap(30)  .1.3.6.1.2.1.1.3.0=0
15:29:20.751553 192.168.1.4.4979 > 192.168.1.10.161: C=myCommunity V2Trap(30)  .1.3.6.1.2.1.1.3.0=0


