Snort mailing list archives
Re: Snort and SNMP
From: "Glenn Mansfield Keeni" <glenn () cysol co jp>
Date: Wed, 1 Aug 2001 00:10:54 +0900
There is an update to the plugin - tested to generate SNMPv2 traps and SNMPv3 informs for the following platforms:

  Solaris 8
  Linux (RedHat 7.1)
  FreeBSD 4-stable
  NetBSD-1.5

Cheers
Glenn

----- Original Message -----
From: "Dragos Ruiu" <dr () kyx net>
To: <snort-users () lists sourceforge net>; "Chris Green" <cmg () uab edu>; "Wiley, Rob" <WileyR () autonation com>
Cc: <snort-users () lists sourceforge net>
Sent: Tuesday, July 31, 2001 4:04 PM
Subject: Re: [Snort-users] Snort and SNMP

Gotta love open source response time.... That's about one day elapsed time between request and implementation for a major new feature. (Ok so they were probably working on it before.... ;-)

cheers,
--dr

On Mon, 30 Jul 2001, Chris Green wrote:

"Wiley, Rob" <WileyR () autonation com> writes:

Can SNMP trapping be configured for Snort? I would like to forward alerts to a central NMS console (HP Openview) via SNMP in lieu of the syslog service.

Why yes, yes it can! A newly checked into feature into CVS (through the work of Glenn Mansfield Keeni and K. Jayanthi) allows one to use either TRAPS or INFORMS. Logging via SNMP isn't something I have done so this documentation might be wrong. I would appreciate any feedback.

Clip from the new (1.8.1) writing snort rules (basically yanked from the source):
------------
The SNMP trap output module allows Snort to direct alerts to a network management station (NMS). The MIB format is listed in the MIBS directory of the Snort distribution. SNMP allows Snort to integrate with many third party tools in a standard manner. Glenn Mansfield Keeni contributed this plugin and established an SNMP enterprise id for Snort (10234). This plugin contains code licensed under a BSD license and its copyright notice is listed in Appendix A.

Format:

  trap_snmp: alert, <sensorID>, {trap | inform}, [SnmpOptions], <snmptrapdAddress>, <community>

  alert             specifies what type of events to relay to the NMS
  sensorID          sensor name to differentiate multiple sensors
  trap              use SNMP v2 traps
  inform            use SNMP v2 informs (the difference being that informs use acknowledgement from the NMS)
  SnmpOptions       -v 2c   SNMPv2c community
                    -p      remote port number for trap recipient
  snmptrapdAddress  network address of SNMP receiver
  community         SNMP community string

Example:

  trap_snmp: alert, internal, trap, 192.168.1.10, private

Using generic trapping is fine, I haven't quite figured out how to do it yet.

--
Chris Green <cmg () uab edu>
You now have 14 minutes to reach minimum safe distance.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
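The trap_snmp output directive format quoted from the 1.8.1 documentation in the thread, as an added parser and configuration sanity checker (example code written for this page, not Snort's own plugin code). It assumes the leading "output" keyword is optional, that snmptrapdAddress is an IP literal, and that SnmpOptions is a whitespace-separated list of -v/-p flag-value pairs; the sample snort.conf lines are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
# Constructed sample snort.conf lines (not from any real deployment).
SAMPLE_CONF = """\
trap_snmp: alert, internal, trap, 192.168.1.10, private
trap_snmp: alert, dmz-sensor, inform, -v 2c -p 1162, 10.0.0.5, s3cr3t-ro
"""
@dataclass
class TrapSnmpConfig:
    sensor_id: str
    mode: str            # "trap" (fire and forget) or "inform" (acknowledged by the NMS)
    address: str         # snmptrapdAddress; an IP literal is assumed here
    community: str
    version: str = "2c"  # from -v
    port: int = 162      # from -p; 162 is the standard SNMP trap port

def parse_trap_snmp(line: str) -> TrapSnmpConfig:
    """Parse 'trap_snmp: alert, <sensorID>, {trap|inform}, [SnmpOptions], <addr>, <community>'."""
    m = re.match(r"^\s*(?:output\s+)?trap_snmp\s*:\s*(.*)$", line)
    if not m:
        raise ValueError(f"not a trap_snmp directive: {line!r}")
    fields = [f.strip() for f in m.group(1).split(",")]
    if len(fields) not in (5, 6) or fields[0] != "alert":
        raise ValueError(f"expected 5 or 6 fields starting with 'alert': {line!r}")
    mode = fields[2].lower()
    if mode not in ("trap", "inform"):
        raise ValueError(f"mode must be trap or inform, got {fields[2]!r}")
    cfg = TrapSnmpConfig(fields[1], mode, fields[-2], fields[-1])
    tokens = fields[3].split() if len(fields) == 6 else []  # optional SnmpOptions
    while tokens:  # flag/value pairs: -v <version> -p <port>
        flag, tokens = tokens[0], tokens[1:]
        if flag not in ("-v", "-p") or not tokens:
            raise ValueError(f"unknown or incomplete SnmpOption {flag!r}")
        value, tokens = tokens[0], tokens[1:]
        if flag == "-v":
            cfg.version = value
        else:
            cfg.port = int(value)
    ipaddress.ip_address(cfg.address)  # raises ValueError on a malformed address
    return cfg

def audit(cfg: TrapSnmpConfig) -> list:
    """Defender-side checks: default community (the only v2c authentication) and unacknowledged delivery."""
    findings = []
    if cfg.community.lower() in ("public", "private"):
        findings.append(f"default community {cfg.community!r} (sent in cleartext by SNMPv2c)")
    if cfg.mode == "trap":
        findings.append("traps are unacknowledged; use inform if alert loss must be detected")
    return findings
```

Run `audit(parse_trap_snmp(line))` over each output line of a snort.conf to flag the documentation's own example, which uses the default "private" community and unacknowledged traps.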
Current thread:
- Snort and SNMP Wiley, Rob (Jul 29)
- Re: Snort and SNMP Dragos Ruiu (Jul 29)
- Re: Snort and SNMP Chris Green (Jul 30)
- Re: Snort and SNMP Dragos Ruiu (Jul 31)
- Re: Snort and SNMP Glenn Mansfield Keeni (Jul 31)
- Re: Snort and SNMP Dragos Ruiu (Jul 31)
- <Possible follow-ups>
- RE: Snort and SNMP Wiley, Rob (Jul 31)