Snort mailing list archives
Specifying SNMP Traps.
From: "larosa, vjay" <larosa_vjay () emc com>
Date: Mon, 6 May 2002 18:06:22 -0400
Hello,

I am not sure (testing it tonight), but is it possible to select individual rules to send SNMP traps from? In some cases there is no sense in sending a trap for every single event Snort flags. I am only interested in approximately 10 to 15 at this point. Can anyone tell me if this will work?

Add this to the snort.conf,

snip---------------------
ruletype trap-db
{
  type alert
  output trap_snmp: alert, 1, trap -v 2c -p 162 10.10.10.15 public
  output database: log, mysql, user=snort dbname=snort host=localhost
}
snip--------------------------

then substitute trap-db for alert in my rules I want to send SNMP traps and log to the DB,

trap-db tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe access"; flags: A+; content:"/cmd.exe?"; nocase; classtype:web-application-attack; sid:1002; rev:3;)

This could alleviate some overhead by selecting specific events to send SNMP traps.

Thanks!
vjl
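Added example, not part of the original message and not Snort's own code: a small Python check that reads the ruletype block and rules quoted above and reports which output plugins each sid is routed to, flagging any rule whose action has no matching ruletype declaration. The second rule (sid 1000001), the function names and the "<global outputs>" label are constructed for illustration.

```python
import re

# Constructed sample: the ruletype block and rule from the message, plus one
# ordinary alert rule (constructed) for contrast.
SAMPLE_CONF = '''
ruletype trap-db
{
  type alert
  output trap_snmp: alert, 1, trap -v 2c -p 162 10.10.10.15 public
  output database: log, mysql, user=snort dbname=snort host=localhost
}
trap-db tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe access"; flags: A+; content:"/cmd.exe?"; nocase; classtype:web-application-attack; sid:1002; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"constructed example rule"; content:"/example"; sid:1000001; rev:1;)
'''

BUILTIN = {"alert", "log", "pass", "activate", "dynamic"}
RULETYPE_RE = re.compile(r"ruletype\s+(\S+)\s*\{(.*?)\}", re.S)
RULE_RE = re.compile(r"^(\S+)\s+(?:tcp|udp|icmp|ip)\s.*?\bsid:\s*(\d+)", re.M)

def parse_ruletypes(conf):
    """Return {name: {"type": base_action, "outputs": [plugin, ...]}}."""
    types = {}
    for name, body in RULETYPE_RE.findall(conf):
        base = re.search(r"^\s*type\s+(\S+)", body, re.M)
        outputs = re.findall(r"^\s*output\s+(\w+)\s*:", body, re.M)
        types[name] = {"type": base.group(1) if base else None, "outputs": outputs}
    return types

def route_rules(conf):
    """Map each sid to (action, outputs); outputs is None for an undeclared action."""
    types = parse_ruletypes(conf)
    rules_text = RULETYPE_RE.sub("", conf)  # drop ruletype blocks before scanning for rules
    routes = {}
    for action, sid in RULE_RE.findall(rules_text):
        if action in types:
            routes[int(sid)] = (action, types[action]["outputs"])
        elif action in BUILTIN:
            routes[int(sid)] = (action, ["<global outputs>"])  # top-level output lines
        else:
            routes[int(sid)] = (action, None)  # typo or missing ruletype declaration
    return routes
```
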