Snort mailing list archives

Re: SNMP for Snort


From: "Glenn Mansfield Keeni" <glenn () cysol co jp>
Date: Sun, 19 Aug 2001 20:52:00 +0900

Hi,
   There does not seem to be anything wrong with the
MIB definitions. From your report it appears to me that
you need to configure your Openview to let it know about
the new MIBs. More likely than not this is where things
are going awry.
   Having said that, let me add that I haven't tried feeding
the traps to Openview. I will try that and let you know.

   Cheers

    Glenn


----- Original Message -----
From: "Michael Aylor" <maylor () swbanktx com>
To: <snortsnmp () cysols com>
Sent: Thursday, August 16, 2001 6:28 AM
Subject: SNMP for Snort


This is a fantastic, long overdue plugin to snort.  Kudos!  Now onto my
problem...

I'm not an SNMP expert, so if I've done something really stupid, be
gentle.

I compiled snort with SNMP, and everything went fine.  I configured my SNMP
plugin, ran snmptrapd and snort, generated alerts, and watched them go to
the SNMP server running HP Openview.

On Openview, I installed both MIBs that came with the snort distribution.
However, every alert I get from snort appears in Openview as an undefined
event, with lots of numbers and var strings (very unformatted).  My SNMP
admin is telling me the MIB isn't defined properly, or else it would have
told Openview how to interpret the alert.

Do I need to write some MIB stuff?  Any guidance would be appreciated....



Mike Aylor
Network Analyst II, CCNA
Southwest Bank of Texas
713-232-6744
maylor () swbanktx com

