Snort mailing list archives

RE: SNMP & Traps...


From: "Cavey, Mark A." <mark_a_cavey () md northgrum com>
Date: Mon, 11 Mar 2002 11:49:56 -0500

Here's my conf file.  I use "snort-snmp -b -c ./snort.conf" to start Snort.
I think the command line is wrong but I'm not sure.

###################################################
var HOME_NET [0.0.0.0/24,0.0.0.0/16]
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
###################################################
preprocessor frag2
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111 
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
##################################################################
output trap_snmp: alert, 7, trap -v 2c -p 162  0.0.0.0 communitystring
include classification.config
##################################################################
include bad-traffic.rules
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include telnet.rules
include smtp.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
include tftp.rules
include web-cgi.rules
include web-coldfusion.rules
include web-frontpage.rules
include web-iis.rules
include web-misc.rules
include web-attacks.rules
include sql.rules
include x11.rules
include icmp.rules
include netbios.rules
include misc.rules
include attack-responses.rules
include backdoor.rules
# include shellcode.rules
# include policy.rules
# include porn.rules
# include info.rules
# include icmp-info.rules
include virus.rules
include local.rules

-----Original Message-----
From: Rob Hughes [mailto:rob () robhughes com]
Sent: Saturday, March 09, 2002 11:29 AM
To: snort-users () lists sourceforge net
Cc: Cavey, Mark A.
Subject: RE: [Snort-users] SNMP & Traps...


Can you post your conf file and the configure options you used when you
built snort?

On Fri, 2002-03-08 at 12:34, Cavey, Mark A. wrote:
Forgive me first because I'm a Snort newbie...

Can someone please recommend an efficient command line to start snort for
snmp?  It seems that I have snort working and configured OK but still no
traps are sent to our receiver.  I believe I have the SNMP section of the
snort.conf file configured properly.

I've been using something like "snort-snmp -b -c ./snort.conf".

Thanks for any suggestions...

Mark




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

