Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snmp traps going to 161, snmp plugin syntax?

From: twig les <twigles () yahoo com>
Date: Tue, 14 Jan 2003 18:03:15 -0800 (PST)
I should have mentioned that I tried that style of
syntax first and it got me errors (mostly the -p being
deprecated).  I've also tried the README.snmp, the
faq, the archives, google, more tinkering, the man
pages for snort and net-snmp, and also the page you
referenced.  I'm pretty well out of ideas here, but
that could just be because I am a net-snmp noob.


--- Erick Mechler <emechler () techometer net> wrote:

:: I have thus tried to force snort to specify the
port
:: with the following lines in snort.conf, which got
me
:: the corresponding results:
:: 
:: output trap_snmp: alert, 7, trap -v 2c -c
myCommunity
:: nms -p 162
:: Snort starts, no effect.
:: 
:: output trap_snmp: alert, 7, trap -v 2c -p 162 -c
:: myCommunity nms
:: "Warning: -p option is no longer used - specify
the
:: remote host as HOST:PORT
:: SnmpTrapPlugin:  Insufficient SnmpTrap
parameters"
:: 
:: output trap_snmp: alert, 7, trap -v 2c -c
myCommunity
:: nms:162
:: "SnmpTrapPlugin: Unresolvable Trap destination :
:: nms:162"

See


http://www.cysol.co.jp/contrib/snortsnmp/snortSnmpGuide.html.

 They say
you should use this format (which, BTW, works for
me, as do the v3 examples
they give):

  output trap_snmp: alert, 7, trap -v 2c -p 162 
myTrapListener myCommunity

Cheers - Erick




-------------------------------------------------------

This SF.NET email is sponsored by: Take your first
step towards giving 
your online business a competitive advantage.
Test-drive a Thawte SSL 
certificate - our easy online guide will show you
how. Click here to get 
started:


http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:


https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:


http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by: Take your first step towards giving 
your online business a competitive advantage. Test-drive a Thawte SSL 
certificate - our easy online guide will show you how. Click here to get 
started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: