Re: SNMP Questions

[Sean Brown <sblinux () shaw ca>]

On August 10, 2004 11:58 am, Brian Zuromski wrote:
> Hello,
>
>          I'm using snort 2.1.3 on RHES 3.0 and I'm having an issue with
> SNMP alerts.  I've set my 'var SNMP_SERVERS' to my current SNMP
> monitoring servers on our network.  My problem is that the alerts are
> still being generated and filling up my database from our monitoring
> server. .  I want it to alert on any SNMP traffic except coming from our
> SNMP monitoring servers in 'var SNMP_SERVERS'.   Can anyone help?  Or
> maybe I'm doing something wrong.

I had a similar problem, I had configured snmpd not to send traps so I knew 
any legitimate traffic was originating only from the monitoring station so I 
just have a pass rule for snmp traffic from that system to my snmpd hosts. I 
don't know if your setup is quite as simple, but its worked well here so far.

-Sean Brown


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users