Snort mailing list archives

RE: Snort 2.0 SNMP patch erroring out

From: "Gordon Cunningham" <gcunnin2 () bellsouth net>
Date: Mon, 4 Aug 2003 19:29:39 -0400

I was under the impression snort 2.x doesnt yet support SNMP notification
via the SNMP output plugin.  Did that change recently?  See reference msg
below

- Gordon

"The software said it requires Windows 98 or better, so I installed
Linux..."



Ref:

On Thu, 29 May 2003, Mike Koponick wrote:

I' attempting to start SNMP with SNORT. The issue that I am having is
that snort will not start (nor test) and fails on the snmp plugin.


[...snip...]

I'm not sure if you realize it, but SNMP support was removed from 2.0.

On the other hand, there is a patch [0] that will add support.

Now, if you've already grabbed that patch...  It sounds like 'trap_snmp'
output plugin wasn't registered.  Make sure there was a patch made to
plugbase.c.  If I were to guess, I'd say something didn't work with the
patch.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]   http://www.cysol.co.jp/contrib/snortsnmp/



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Gary Danko
Sent: Monday, August 04, 2003 5:20 PM
To: Gary Danko; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 2.0 SNMP patch erroring out

Looks like the linefeeds were stripped. Will try again as HTML.

Okay so it turns out Snort 2.0 does not have SNMP support built in. So I
downloaded the patch from cysol.co.jp. The directions on their page say to
apply the patch from the snort source directory, which I did. Here's my
output. Any idea what I could have done wrong?

[root@ids1 src]$ tar xf snort-2.0.0.tar
[root@ids1 src]$ cd snort-2.0.0
[root@ids1 snort-2.0.0]$ cp ../SnortSnmpPatch-2.0.0-01.gz .
[root@ids1 snort-2.0.0]$ zcat SnortSnmpPatch-2.0.0-01.gz | patch -c
patching file output.0
patching file requests
patching file traces.0
patching file config.h.in
patching file config.h.in~
patching file config.status.lineno
patching file configure
patching file configure.in
patching file README.SNMP
patching file SnortCommonMIB.txt
patching file SnortIDAlertMIB.txt
can't find file to patch at input line 13396
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--------------------------
|diff -crN snort-2.0.0.orig/etc/snort.conf snort-2.0.0/etc/snort.conf
|*** snort-2.0.0.orig/etc/snort.conf    Fri Apr  4 06:10:50 2003
|--- snort-2.0.0/etc/snort.conf Sun May 25 20:20:36 2003
--------------------------
File to patch:

Current thread:

Snort 2.0 SNMP patch erroring out Gary Danko (Aug 04)
- Re: Snort 2.0 SNMP patch erroring out Kohei OHTA (Aug 05)
- Re: Snort 2.0 SNMP patch erroring out Ralf Spenneberg (Aug 05)
- <Possible follow-ups>
- RE: Snort 2.0 SNMP patch erroring out Gary Danko (Aug 04)
  - RE: Snort 2.0 SNMP patch erroring out Gordon Cunningham (Aug 04)