Snort mailing list archives
RE: snort is not sending traps
From: "Metz, Tim" <TMetz () PanAmSat com>
Date: Fri, 10 Jan 2003 08:09:16 -0500
Twig, yep... I've noticed and it seems no matter how I set up the output plugin I get the error "no community string" or similar. Could you post your snmp line (naturally without ip and community)? Thanks, Tim -----Original Message----- From: twig les [mailto:twigles () yahoo com] Sent: Thursday, January 09, 2003 5:32 PM To: Christian Bock; snort-users () lists sourceforge net Subject: Re: [Snort-users] snort is not sending traps I'm in the middle of pounding through an SNMP config of snort for my work, and while I'm in no position to tell you how to do everything correctly, I can say that tcpdump in the middle has helped tremendously. It seems that when I fix one thing I accidentally break something else so at least I know when *something* is going to my test nms. BTW did anyone else notice that the documented syntax for the SNMP setup in snort.conf is wrong? The -p option gives an error and I saw no mention of a -c. Either this slipped thru the cracks or my New Year's eve in Amsterdam is still muddying my thinking. :-) --- Christian Bock <Christian.Bock () lrz mi lsa-net de> wrote:
the line in my config looks like output trap_snmp: alert, 1, c, trap -v 2c -c public my.snmptrapd I configured snort with ./ configure --with-mysql=... --with-ssl --with-snmp=... ( using netSnmp 5.0.7.pre2 ) when starting snort no errors occure alerts are produced ( e.g. portscanning ) where to start invesigating? are there some secrets I don't know? chris
-------------------------------------------------------
This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users ===== ----------------------------------------------------------- If you give a man a fish, he can eat for a day If you bludgeon him to death, you can eat the fish yourself ----------------------------------------------------------- __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Fwd: snort is not sending traps Christian Bock (Jan 09)
- <Possible follow-ups>
- snort is not sending traps Christian Bock (Jan 09)
- Re: snort is not sending traps twig les (Jan 09)
- RE: snort is not sending traps Metz, Tim (Jan 10)