Snort mailing list archives
Snort 2.0 and SNMP - Plugin error
From: "Mike Koponick" <mkoponick () redhawk info>
Date: Thu, 29 May 2003 07:53:34 -0700
Hello,

I'm attempting to start SNMP with SNORT. The issue that I am having is that snort will not start (nor test) and fails on the snmp plugin.

I followed the instructions for the patch provided by:
http://www.cysol.co.jp/contrib/snortsnmp/SnortSnmp-2.0.0-01.tgz

I'm using RH 8.0 with SNMP version:

-sh-2.05b# rpm -q net-snmp
net-snmp-5.0.6-8.80.2

Snort version: 2.0.0.

All compiles fine and snort (with SNMP) works fine with the trap_snmp plugin commented out.

Any information on this matter would be appreciated.

Thanks in advance,
Mike

Here is a little information:

-sh-2.05b# /etc/rc.d/init.d/snortd test
Testing Snort's ConfgurationRunning in IDS mode
Log directory = /var/log/snort
Initializing Network Interface eth1
OpenPcap() device eth1 network lookup:
        eth1: no IPv4 address assigned
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth1
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
Conversation Config:
    KeepStats: 0
    Conv Count: 32000
    Timeout : 60
    Alert Odd?: 0
    Allowed IP Protocols: All
Portscan2 config:
    log: /var/log/snort/scan.log
    scanners_max: 3200
    targets_max: 5000
    target_limit: 5
    port_limit: 20
    timeout: 60
INFO => [Alert_FWsam](FWsamCheckIn) Connected to host 192.xx.xx.xx.
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: sensor name = LogServer:eth1
database: sensor id = 1
database: schema version = 106
database: using the "log" facility
ERROR: unknown output plugin: 'trap_snmp'Fatal Error, Quitting..
Current thread:
- Snort 2.0 and SNMP - Plugin error Mike Koponick (May 30)
- Re: Snort 2.0 and SNMP - Plugin error Erek Adams (May 30)
- <Possible follow-ups>
- RE: Snort 2.0 and SNMP - Plugin error Mike Koponick (Jun 01)