Snort mailing list archives
RE: Snort and SNMP
From: "Wiley, Rob" <WileyR () autonation com>
Date: Tue, 31 Jul 2001 09:51:49 -0400
Can I get fries and a coke with that?! Thanks for the response folks!!

______________________________
R o b W i l e y
Sr. Networking Engineer
Ft. Lauderdale, FL
AutoNation, Inc.
mailto:wileyr () autonation com
http://www.autonation.com
     \!/
    (@ @)
----oOO-(_)-OOo--------
Disclaimer: The above comments are my own and do not represent the position of AutoNation, Inc.

-----Original Message-----
From: Dragos Ruiu [mailto:dr () kyx net]
Sent: Tuesday, July 31, 2001 3:04 AM
To: snort-users () lists sourceforge net; Chris Green; Wiley, Rob
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Snort and SNMP

Gotta love open source response time.... That's about one day elapsed time between request and implementation for a major new feature. (Ok so they were probably working on it before.... ;-)

cheers,
--dr

On Mon, 30 Jul 2001, Chris Green wrote:
"Wiley, Rob" <WileyR () autonation com> writes:

Can SNMP trapping be configured for Snort? I would like to forward alerts to a central NMS console (HP Openview) via SNMP in lieu of the syslog service.

Why yes, yes it can! A newly checked-in feature in CVS (through the work of Glenn Mansfield Keeni and K. Jayanthi) allows one to use either TRAPS or INFORMS. Logging via SNMP isn't something I have done, so this documentation might be wrong. I would appreciate any feedback.

Clip from the new (1.8.1) writing snort rules (basically yanked from the source):
------------
The SNMP trap output module allows Snort to direct alerts to a network management station (NMS). The MIB format is listed in the MIBS directory of the Snort distribution. SNMP allows Snort to integrate with many third party tools in a standard manner. Glenn Mansfield Keeni contributed this plugin and established an SNMP enterprise id for Snort (10234). This plugin contains code licensed under a BSD license and its copyright notice is listed in Appendix A.

Format:

    trap_snmp: alert, <sensorID>, {trap | inform}, \
        [SnmpOptions], <snmptrapdAddress>, <community>

alert             specifies what type of events to relay to the NMS
sensorID          sensor name to differentiate multiple sensors
trap              use SNMP v2 traps
inform            use SNMP v2 informs (the difference being that informs use acknowledgement from the NMS)
SnmpOptions       -v 2c   SNMPv2c community
                  -p      remote port number for trap recipient
snmptrapdAddress  network address of SNMP receiver
community         SNMP community string

Example:

    trap_snmp: alert, internal, trap, 192.168.1.10, private

Using generic trapping is fine, I haven't quite figured out how to do it yet.

--
Chris Green <cmg () uab edu>
You now have 14 minutes to reach minimum safe distance.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Dragos Ruiu <dr () dursec com>
dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
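As an added example (not code from the thread or from Snort itself): a small Python checker that parses `trap_snmp:` output lines in the format quoted above, pulls out the optional `-v`/`-p` SnmpOptions, and flags well-known community strings. The `output` prefix, the default port 162 and the sample configuration lines are assumptions, not anything from the list post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed snort.conf fragment (not from any real sensor). The "output "
# prefix is an assumption, matching how Snort declares other output plugins.
SAMPLE_CONF = """
output trap_snmp: alert, internal, trap, 192.168.1.10, private
output trap_snmp: alert, dmz-sensor, inform, -v 2c -p 1162, 10.0.0.5, s3nsor-tr4ps
output alert_syslog: LOG_AUTH LOG_ALERT
"""
DEFAULT_COMMUNITIES = {"public", "private"}

@dataclass
class TrapSnmp:
    sensor_id: str
    mode: str              # "trap" (unacknowledged) or "inform" (acknowledged)
    address: str
    community: str
    version: str = "2c"    # only SNMPv2c is described in the thread
    port: int = 162        # assumed default: standard snmptrapd port
    warnings: List[str] = field(default_factory=list)

def parse_trap_snmp(line: str) -> Optional[TrapSnmp]:
    """Parse one trap_snmp output line; return None for any other line."""
    m = re.match(r"^\s*(?:output\s+)?trap_snmp:\s*(.*?)\s*$", line)
    if not m:
        return None
    fields = [f.strip() for f in m.group(1).split(",")]
    if len(fields) < 5 or fields[0] != "alert":
        raise ValueError(f"malformed trap_snmp line: {line!r}")
    if fields[2] not in ("trap", "inform"):
        raise ValueError(f"mode must be trap or inform, got {fields[2]!r}")
    cfg = TrapSnmp(fields[1], fields[2], fields[-2], fields[-1])
    # Optional SnmpOptions sit between the mode and the address: -v 2c, -p <port>
    opts = " ".join(fields[3:-2]).split()
    while opts:
        flag = opts.pop(0)
        if flag == "-v" and opts:
            cfg.version = opts.pop(0)
        elif flag == "-p" and opts:
            cfg.port = int(opts.pop(0))
        else:
            raise ValueError(f"unknown SnmpOption {flag!r}")
    if cfg.community.lower() in DEFAULT_COMMUNITIES:
        cfg.warnings.append("well-known community string; pick a unique one")
    return cfg

def audit_conf(text: str) -> List[TrapSnmp]:
    return [c for c in map(parse_trap_snmp, text.splitlines()) if c is not None]
```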
Current thread:
- Snort and SNMP Wiley, Rob (Jul 29)
- Re: Snort and SNMP Dragos Ruiu (Jul 29)
- Re: Snort and SNMP Chris Green (Jul 30)
- Re: Snort and SNMP Dragos Ruiu (Jul 31)
- Re: Snort and SNMP Glenn Mansfield Keeni (Jul 31)
- Re: Snort and SNMP Dragos Ruiu (Jul 31)
- <Possible follow-ups>
- RE: Snort and SNMP Wiley, Rob (Jul 31)