[Snort-users] Snort 2.0 and SNMP - Plugin error

Mike Koponick mkoponick at ...7385...
Fri May 30 08:05:04 EDT 2003


Hello,

I'm attempting to start SNMP with SNORT. The issue that I am having is
that snort will not start (nor test) and fails on the snmp plugin.

I followed the instructions for the patch provided by:
http://www.cysol.co.jp/contrib/snortsnmp/SnortSnmp-2.0.0-01.tgz

I'm using RH 8.0 with SNMP version: 

-sh-2.05b# rpm -q net-snmp
net-snmp-5.0.6-8.80.2

Snort version: 2.0.0.

All compiles fine and snort (with SNMP) works fine with the trap_snmp
plugin commented out.

Any information on this matter would be appreciated.

Thanks in advance,

Mike


Here is a little information:

-sh-2.05b# /etc/rc.d/init.d/snortd test
Testing Snort's ConfgurationRunning in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth1
OpenPcap() device eth1 network lookup:
        eth1: no IPv4 address assigned

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth1
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
Conversation Config:
   KeepStats: 0
   Conv Count: 32000
   Timeout   : 60
   Alert Odd?: 0
   Allowed IP Protocols:  All

Portscan2 config:
    log: /var/log/snort/scan.log
    scanners_max: 3200
    targets_max: 5000
    target_limit: 5
    port_limit: 20
    timeout: 60
INFO => [Alert_FWsam](FWsamCheckIn) Connected to host 192.xx.xx.xx.
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = LogServer:eth1
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
ERROR: unknown output plugin: 'trap_snmp'Fatal Error, Quitting..





