Snort mailing list archives
Re: snmp traps going to 161, snmp plugin syntax?
From: twig les <twigles () yahoo com>
Date: Tue, 14 Jan 2003 18:03:15 -0800 (PST)
I should have mentioned that I tried that style of syntax first and it got me errors (mostly the -p being deprecated). I've also tried the README.snmp, the faq, the archives, google, more tinkering, the man pages for snort and net-snmp, and also the page you referenced. I'm pretty well out of ideas here, but that could just be because I am a net-snmp noob. --- Erick Mechler <emechler () techometer net> wrote:
:: I have thus tried to force snort to specify the port :: with the following lines in snort.conf, which got me :: the corresponding results: :: :: output trap_snmp: alert, 7, trap -v 2c -c myCommunity :: nms -p 162 :: Snort starts, no effect. :: :: output trap_snmp: alert, 7, trap -v 2c -p 162 -c :: myCommunity nms :: "Warning: -p option is no longer used - specify the :: remote host as HOST:PORT :: SnmpTrapPlugin: Insufficient SnmpTrap parameters" :: :: output trap_snmp: alert, 7, trap -v 2c -c myCommunity :: nms:162 :: "SnmpTrapPlugin: Unresolvable Trap destination : :: nms:162" See
http://www.cysol.co.jp/contrib/snortsnmp/snortSnmpGuide.html.
They say you should use this format (which, BTW, works for me, as do the v3 examples they give): output trap_snmp: alert, 7, trap -v 2c -p 162 myTrapListener myCommunity Cheers - Erick
-------------------------------------------------------
This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users ===== ----------------------------------------------------------- Know yourself and know your enemy and you will never fear defeat. ----------------------------------------------------------- __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------- This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snmp traps going to 161, snmp plugin syntax? twig les (Jan 14)
- Re: snmp traps going to 161, snmp plugin syntax? Erick Mechler (Jan 14)
- Re: snmp traps going to 161, snmp plugin syntax? twig les (Jan 14)
- Re: snmp traps going to 161, snmp plugin syntax? Erick Mechler (Jan 14)