Snort mailing list archives
Re: Snort and SNMP
From: Chris Green <cmg () uab edu>
Date: 31 Jul 2001 00:07:38 -0500
"Wiley, Rob" <WileyR () autonation com> writes:
Can SNMP trapping be configured for Snort? I would like to forward alerts to a central NMS console (HP Openview) via SNMP in lieu of the syslog service.
Why yes, yes it can! A feature newly checked into CVS (through the work of Glenn Mansfield Keeni and K. Jayanthi) allows one to use either TRAPS or INFORMS. Logging via SNMP isn't something I have done so this documentation might be wrong. I would appreciate any feedback.

Clip from the new ( 1.8.1 ) writing snort rules ( basically yanked from the source )

------------

The SNMP trap output module allows Snort to direct alerts to a network management station (NMS). The MIB format is listed in the MIBS directory of the Snort distribution. SNMP allows Snort to integrate with many third party tools in a standard manner. Glenn Mansfield Keeni contributed this plugin and established an SNMP enterprise id for Snort (10234). This plugin contains code licensed under a BSD license and its copyright notice is listed in Appendix A.

Format

    trap_snmp: alert, <sensorID>, {trap | inform}, \
        [SnmpOptions] , <snmptrapdAddress>, <community>

    alert              specifies what type of events to relay to the NMS
    sensorID           sensor name to differentiate multiple sensors
    trap               use SNMP v2 traps
    inform             use SNMP v2 informs ( the difference being that
                       informs use acknowledgement from the NMS )
    SnmpOptions
        -v 2c          SNMPv2 c community
        -p             remote port number for trap recipient
    snmptrapdAddress   Network address of SNMP receiver
    community          SNMP community string

Example:

    trap_snmp: alert, internal, trap, 192.168.1.10, private
Using generic trapping is fine, I haven't quite figured out how to do it yet.
-- Chris Green <cmg () uab edu>
You now have 14 minutes to reach minimum safe distance.
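
The directive format quoted in the message above, as a configuration check. This is an added example, not part of the original post and not Snort's own code. It assumes the comma-separated layout exactly as quoted (with SnmpOptions as an optional field), and the function name parse_trap_snmp and the warning texts are hypothetical.

```python
import shlex

# Community strings shipped as defaults on many devices; flagged, not rejected.
WELL_KNOWN_COMMUNITIES = {"public", "private"}

def parse_trap_snmp(line):
    """Parse one 'trap_snmp:' directive, following the format quoted in the message.

    Returns (config, warnings); raises ValueError on a malformed line.
    """
    keyword, sep, rest = line.partition(":")
    if not sep or keyword.strip() != "trap_snmp":
        raise ValueError("not a trap_snmp directive")
    # Join backslash-continued lines, then split the comma-separated fields.
    fields = [f.strip() for f in rest.replace("\\\n", " ").split(",")]
    if len(fields) not in (5, 6):
        raise ValueError("expected 5 or 6 fields, got %d" % len(fields))
    event, sensor_id, mode = fields[:3]
    options = fields[3] if len(fields) == 6 else ""  # assumed optional field
    address, community = fields[-2:]
    if event != "alert":
        raise ValueError("event type must be 'alert'")
    if mode not in ("trap", "inform"):
        raise ValueError("delivery mode must be 'trap' or 'inform'")
    if not (sensor_id and address and community):
        raise ValueError("sensorID, address and community must not be empty")

    cfg = {"sensor_id": sensor_id, "mode": mode, "version": None, "port": None,
           "address": address, "community": community}
    tokens = shlex.split(options)
    if len(tokens) % 2:
        raise ValueError("SnmpOptions must be flag/value pairs")
    for flag, value in zip(tokens[0::2], tokens[1::2]):
        if flag == "-v" and value == "2c":
            cfg["version"] = value
        elif flag == "-p" and value.isdigit() and 0 < int(value) < 65536:
            cfg["port"] = int(value)
        else:
            raise ValueError("unsupported SnmpOptions entry: %s %s" % (flag, value))

    warnings = []
    if community.lower() in WELL_KNOWN_COMMUNITIES:
        warnings.append("community string is a well-known default")
    if mode == "trap":
        warnings.append("traps are not acknowledged by the NMS; informs are")
    return cfg, warnings

if __name__ == "__main__":
    # The example line from the message above.
    print(parse_trap_snmp("trap_snmp: alert, internal, trap, 192.168.1.10, private"))
```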