Snort mailing list archives
Re: SNMP for Snort
From: "Glenn Mansfield Keeni" <glenn () cysol co jp>
Date: Sun, 19 Aug 2001 20:52:00 +0900
Hi, There does not seem to be anything wrong with the MIB definitions. From your report it appears to me that you need to configure your Openview to let it know about the new MIBs. More likely than not this is where things are going awry. Having said that, let me add that I haven't tried feeding the traps to Openview. I will try that and let you know. Cheers Glenn ----- Original Message ----- From: "Michael Aylor" <maylor () swbanktx com> To: <snortsnmp () cysols com> Sent: Thursday, August 16, 2001 6:28 AM Subject: SNMP for Snort
This is a fantastic, long overdue plugin to snort. Kudos! Now onto my problem... I'm not an snmp expert, so if I've done something really stupid, be
gentle.
I compiled snort with snmp, everything went fine. I configured my snmp plugin, ran snmptrapd and snort, generated alerts, and watched them go to the SNMP server running HP Openview. On Openview, I installed both MIBS that came with the snort distribution. However, every alert I get from snort appears in Openview as an undefined event, with lots of numbers and var strings (very unformatted). My SNMP admin is telling me the MIB isn't defined properly, or else it would have told Openview how to interpret the alert. Do I need to write some MIB stuff? Any guidance would be appreciated.... Mike Aylor Network Analyst II, CCNA Southwest Bank of Texas 713-232-6744 maylor () swbanktx com CONFIDENTIALITY NOTICE: ************************************************************************ The information contained in this ELECTRONIC MAIL transmission is confidential. It may also be privileged work product or proprietary information. This information is intended for the exclusive use of the addressee(s). If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution [other than to the addressee(s)], copying or taking of any action because of this information is strictly prohibited. ************************************************************************
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: SNMP for Snort Glenn Mansfield Keeni (Aug 19)