Snort mailing list archives
Re: trap to HPOV causes failure
From: Rob Hughes <rob () robhughes com>
Date: 15 Mar 2002 20:26:12 -0600
Pick trap or inform, not both. I run snort to an OV box running on Solaris and don't have any issues, but I only use informs, not traps and informs.If it still dies, let me know and I'll beat on it some and see if I can beat Marty for once ;) Rob On Thu, 2002-03-14 at 17:13, Richard Noonan wrote:
I'm running snort Version 1.8.3 (Build 88) on RedHat 7.2 with all recent updates and trying to trap to an HPOV (Network Node Mgr. Release B.06.20) system. Test traffic is an nmap -sS -O scan of a victim on the same segment (cisco spanned, actually). Whenever snort is set to trap to the OV host it dies right after the scan completes. No core and the only log indication is the kernel message that the interface has left promisc mode. If I point snort at a host running the ucd package snmptrapd everything is fine. Traps come through and snort keeps running. Has anyone seen this? I configured the snort build with --with-snmp and --with-ssl. Nothing funny in my compile. The output lines (straight from the example .conf) look like this: output trap_snmp: alert, 7, trap -v 2c -p 162 10.2.1.23 public output trap_snmp: alert, 7, inform -v 2c -p 162 10.2.1.23 public and I'm starting it like this: /usr/local/bin/snort -D -c /usr/local/etc/snort/snort.conf Any config help or confirmation of a bug somewhere would be much appreciated. Thanks- Rich _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- trap to HPOV causes failure Richard Noonan (Mar 14)
- Re: trap to HPOV causes failure Rob Hughes (Mar 15)
- Re: trap to HPOV causes failure Richard Noonan (Mar 18)
- Re: trap to HPOV causes failure Rob Hughes (Mar 15)