Snort mailing list archives
RE: SNMP & Traps...
From: "Cavey, Mark A." <mark_a_cavey () md northgrum com>
Date: Mon, 11 Mar 2002 11:49:56 -0500
Here's my conf file. I use "snort-snmp -b -c ./snort.conf" to start Snort. I think the command line is wrong but I'm not sure.

###################################################
var HOME_NET [0.0.0.0/24,0.0.0.0/16]
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
###################################################
preprocessor frag2
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
##################################################################
output trap_snmp: alert, 7, trap -v 2c -p 162 0.0.0.0 communitystring
include classification.config
##################################################################
include bad-traffic.rules
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include telnet.rules
include smtp.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
include tftp.rules
include web-cgi.rules
include web-coldfusion.rules
include web-frontpage.rules
include web-iis.rules
include web-misc.rules
include web-attacks.rules
include sql.rules
include x11.rules
include icmp.rules
include netbios.rules
include misc.rules
include attack-responses.rules
include backdoor.rules
# include shellcode.rules
# include policy.rules
# include porn.rules
# include info.rules
# include icmp-info.rules
include virus.rules
include local.rules

-----Original Message-----
From: Rob Hughes [mailto:rob () robhughes com]
Sent: Saturday, March 09, 2002 11:29 AM
To: snort-users () lists sourceforge net
Cc: Cavey, Mark A.
Subject: RE: [Snort-users] SNMP & Traps...

Can you post your conf file and the configure options you used when you built snort?

On Fri, 2002-03-08 at 12:34, Cavey, Mark A. wrote:
Forgive me first because I'm a Snort newbie...

Can someone please recommend an efficient command line to start snort for snmp? It seems that I have snort working and configured Ok but still no traps are sent to our receiver. I believe I have the SNMP section of the snort.conf file configured properly. I've been using something like "snort-snmp -b -c ./snort.conf".

Thanks for any suggestions...

Mark

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SNMP & Traps... Cavey, Mark A. (Mar 08)
- RE: SNMP & Traps... Rob Hughes (Mar 09)
- <Possible follow-ups>
- RE: SNMP & Traps... Cavey, Mark A. (Mar 12)