Snort mailing list archives

Re: trap to two destinations


From: "Andrew R. Baker" <andrewb () snort org>
Date: Tue, 26 Mar 2002 14:54:54 -0500

Richard Noonan wrote:
> I am attempting to trap to two hosts from a single snort config. I've defined the ruletype below:
>
> ruletype dsnmp
> {
>     type alert
>     output trap_snmp: alert, 7, trap -v 2c -p 163  10.2.1.3 public
>     output trap_snmp: alert, 7, trap -v 2c -p 162  10.2.1.4 public
>     output alert_syslog: LOG_AUTH LOG_ALERT
> }
>
> And what happens is whichever trap_snmp appears 2nd gets the traps. Whichever one appears first gets nothing. Syslog seems to work always. Is this in fact an unsupported config?

The SnmpTrap output plugin does not currently support multiple instances of itself. We may be able to add this functionality in Snort 1.9.

-A


