Snort mailing list archives

Re: Cert Advisory and now no SNMP traps.


From: Chris Green <cmg () sourcefire com>
Date: Mon, 21 Apr 2003 09:18:44 -0400

"larosa, vjay" <larosa_vjay () emc com> writes:

> Well I have to say this sucks. Now those of us that rely on SNMP traps
> are forced to upgrade to snort 2.0 and will lose our NMS
> integrations.

SNMPTrap was removed because it was easier to throw away
functionality than to verify its string handling operations. I don't
know of an exact vulnerability

You have 2 choices:

1) Merge in snmptrap from 1.9 (pretty easy task). This is entirely
   unsupported.
2) Switch to a different output mechanism like syslog.

> Anyway, I am going to write a program to select events of interest from
> a MySQL database and will send SNMP traps to the NMS on behalf of snort.

If you are going to do this, I'd recommend you instead write a plugin
for barnyard.
-- 
Chris Green <cmg () sourcefire com>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

