[Snort-users] snmp traps going to 161, snmp plugin syntax?

Erick Mechler emechler at ...7719...
Tue Jan 14 16:46:02 EST 2003


:: I have thus tried to force snort to specify the port
:: with the following lines in snort.conf, which got me
:: the corresponding results:
:: 
:: output trap_snmp: alert, 7, trap -v 2c -c myCommunity
:: nms -p 162
:: Snort starts, no effect.
:: 
:: output trap_snmp: alert, 7, trap -v 2c -p 162 -c
:: myCommunity nms
:: "Warning: -p option is no longer used - specify the
:: remote host as HOST:PORT
:: SnmpTrapPlugin:  Insufficient SnmpTrap parameters"
:: 
:: output trap_snmp: alert, 7, trap -v 2c -c myCommunity
:: nms:162
:: "SnmpTrapPlugin: Unresolvable Trap destination :
:: nms:162"

See http://www.cysol.co.jp/contrib/snortsnmp/snortSnmpGuide.html.  They say
you should use this format (which, BTW, works for me, as do the v3 examples
they give):

  output trap_snmp: alert, 7, trap -v 2c -p 162  myTrapListener myCommunity

Cheers - Erick




More information about the Snort-users mailing list