[Snort-users] snmp traps going to 161, snmp plugin syntax?

twig les twigles at ...131...
Tue Jan 14 15:51:03 EST 2003

Hey *, having a bit of a pain in me gulliver here with
snort 1.90 (build 209) and net-snmp 5.06.  I have two
boxes, both running FreeBSD 4.7 Release, one is
running "snmptrapd -Os -P" to listen for traps, which
works fine since I see link up/down traps from my
switch all the time.  The other is running snort with
this in the snort.conf:

output trap_snmp: alert, 7, trap -v 2c -c myCommunity

Now snort starts fine like this, but the traps never
show up at the nms box.  I tossed in a sniffer to see
what was happening and saw this when I wrote a quick
ICMP rule and triggered it:

L# tcpdump -ln host and host
tcpdump: listening on ep0
15:29:19.753301 > 
C=myCommunity V2Trap(30)  .
15:29:20.751553 > 
C=myCommunity V2Trap(30)  .

