Snort mailing list archives
Snmp traps v 1 ( cont ... )
From: Marcelo Correa <correa () furnas com br>
Date: Fri, 22 Feb 2002 11:02:36 -0300
Sandro,

Thanks for the help! I installed swatch and snort-1.8.3 on my Solaris 2.6 machine. Our management software console is Tivoli TME10 and it only understands snmp v 1 trap format. It is a commercial product, expensive, and only understands snmp v 1 trap format.

The way snort logs things in /var/log/snort makes it difficult to work with swatch. I need to log only identified and critical alerts to only one place (alert.log) and with swatch send the snmp v 1 trap. I am using sneeze.pl to generate alerts.

Do you know the program I can use to send snmp traps v 1? How can I log things in an easy way to identify the attacks (something like sneeze output) in one place (not directories, only a file with the alerts)? Can I get all the variables snort uses with its snmp v 2 trap format?

Thanks in advance,
Marcelo

"Poppi, Sandro" wrote:
Marcelo,

as far as the snmp output processor is concerned there's only snmp v2c support. It may be possible to do a trick (just guessing, never done it, so don't blame me!): Let snort log to syslog, use swatch to capture snort alerts and send the trap with snmptrap -v 1 using the OIDs shipped with snort (take a look into the MIBS directory of snort).

HTH,
Sandro

Dear List,

How can I make snort work with snmp traps v 1?

Thanks,
Marcelo

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
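The syslog route Sandro describes, as an added example that is not part of the original thread or of Snort: it picks priority-1 Snort alerts out of syslog lines and builds the argument list for Net-SNMP's `snmptrap -v 1`. The syslog line layout, the sample lines, the manager address and the OIDs (placeholders for the ones in Snort's MIBS directory) are assumptions.

```python
import re

# Assumed syslog layout for a Snort alert; adjust to what your version writes.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: (?P<msg>.*?)\s*\[Classification: (?P<cls>[^\]]*)\]\s*"
    r"\[Priority: (?P<prio>\d+)\]:?\s*(?:\{\w+\}\s*)?(?P<src>\S+) -> (?P<dst>\S+)"
)

# PLACEHOLDER OIDs: replace with the ones from the MIBS directory of Snort.
ENTERPRISE_OID = "1.3.6.1.4.1.99999"
ALERT_VARBIND = ENTERPRISE_OID + ".1"
ENTERPRISE_SPECIFIC = "6"  # SNMPv1 generic-trap value for vendor-defined traps

def parse_alert(line):
    """Return the alert fields of one syslog line, or None if it is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def trap_argv(alert, manager, community="public", specific="1"):
    """Build the snmptrap argument list for one alert (Net-SNMP v1 syntax)."""
    text = "%(msg)s [%(cls)s] prio=%(prio)d %(src)s -> %(dst)s" % alert
    text = re.sub(r"[^\x20-\x7e]", "?", text)[:255]  # printable ASCII, bounded
    # Empty agent/uptime: snmptrap fills them in. argv list: no shell parsing.
    return ["snmptrap", "-v", "1", "-c", community, manager,
            ENTERPRISE_OID, "", ENTERPRISE_SPECIFIC, specific, "",
            ALERT_VARBIND, "s", text]

def traps_for(lines, manager, max_prio=1):
    """One snmptrap argv per alert whose priority is max_prio or more severe."""
    alerts = (parse_alert(line) for line in lines)
    return [trap_argv(a, manager) for a in alerts if a and a["prio"] <= max_prio]

# Constructed sample syslog lines (not taken from the thread).
SAMPLE = [
    "Feb 22 11:02:36 ids1 snort: [1:1002:2] WEB-IIS cmd.exe access "
    "[Classification: Web Application Attack] [Priority: 1]: "
    "{TCP} 10.0.0.5:1042 -> 10.0.0.80:80",
    "Feb 22 11:02:40 ids1 snort: [1:469:1] ICMP PING NMAP [Classification: "
    "Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.5 -> 10.0.0.80",
    "Feb 22 11:03:01 ids1 sshd[211]: Accepted password for admin from 10.0.0.9",
]

if __name__ == "__main__":
    for argv in traps_for(SAMPLE, "192.0.2.10"):  # 192.0.2.10: placeholder manager
        print(argv)  # pass to subprocess.run(argv, check=True) to send the trap
```

Raising `max_prio` widens which alerts reach the console; everything else stays in syslog.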
Current thread:
- AW: Snmp traps v 1 Poppi, Sandro (Feb 21)
- Snmp traps v 1 ( cont ... ) Marcelo Correa (Feb 22)