RE: Two questions: SNMP/Syslog

["Kenneth G. Arnold" <bkarnold () cbu edu>]

I went a little farther.  I tried to configure snort on a machine on
which I have a copy of ucd-snmp.  I didn't attempt to compile it but it
did get a successful configure including the snmp section.

checking for snmp... yes
checking for ucd-snmp/snmp_parse_args.h... yes

I was using snort-1.9.1 and ucd-snmp-4.2.3.  The source code for both was
off /usr/local in separate directories.  Is this the way your snort and
net-snmp source code is arranged?  If not, I would suggest you arrange it
so that both are off the same base directory structure and try again.

Ken

On Sat, 15 Mar 2003, Lance Lloyd wrote:

> Yeah, the file is there, but snort doesn't want to find it. I found an old
> thread where Andrew Baker gave the suggestion of commenting out that line.
> Unfortuntely the thread didn't indicate where or not this fix would break
> the snmp output plugin.  So I guess the question is, is commenting that line
> out equal to just excluding the --with-snmp switch? I do appreciate the
> response though.
>
> Lance
>
> -----Original Message-----
> From: Kenneth G. Arnold [mailto:bkarnold () cbu edu]
> Sent: Saturday, March 15, 2003 4:19 PM
> To: Lance Lloyd
> Subject: Re: [Snort-users] Two questions: SNMP/Syslog
>
>
> There is a file called snmp_parse_args.h included in my copy of ucd-snmp
> which was a precursor to net-snmp. There ought to be a copy somewhere in
> your net-snmp-5.0.7 installation also.  It is obvious that this file is
> needed in order to make snmp work and it is also obvious that the
> configure script can't find it for some reason.  I have not tried that
> option with my system so I don't have any direct experience. I hope
> someone with direct experience can be more helpful.
>
> Ken
>
> On Sat, 15 Mar 2003, Lance Lloyd wrote:
>
> > First, my setup:
> > Redhat 8
> > Snort 1.9.1
> > net-snmp-5.0.7
> >
> > Configuring snort with:
> > configure --with-mysql --with-snmp --enable-flexresp
> >
> > The first time I ran this I ran into this problem:
> > ERROR: unable to find snmp headers (snmp_parse_args.h in net-snmp-5.0.x)
> >
> > I found a work around that involved commenting out a line in the
> > "configure.in" file.  Everything seemed to install fine, but when I tried
> to
> > enable the SNMP output plugin, snort kicks out this error:
> > WARNING: unknown output plugin: 'trap_snmp'
> >
> > I take that as the "--with-snmp" part of my configure didn't work.  Is
> this
> > because of the "work around" and commenting out that line in the
> > "configure.in" file?
> >
> >
> > Second part of my question.  Is there a way to configure snort to dump to
> a
> > remote syslog daemon?
> >
> > Thanks,
> >
> > Lance


-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users