
[Snort-devel] [Fwd: [Fwd: [Fwd: Re: Snort-snmp for snort-2.0.0]]]

From: Glenn Mansfield Keeni <glenn(at)cysols.com>
Date: Tue May 27 2003 - 18:49:50 EDT


Hi,

There was a typo in the URL given in the earlier mail. The software is available from
http://www.cysol.co.jp/contrib/snortsnmp/SnortSnmp-2.0.0-01.tgz

[not
http://www.cysol.co.jp/contrib/snortsnmp/SnortSnmp-2.0.0-01.gz]

Glenn

-------- Original Message --------
Subject: [Fwd: [Fwd: Re: Snort-snmp for snort-2.0.0]]
Date: Tue, 27 May 2003 20:29:05 +0900
From: Glenn Mansfield Keeni <glenn@cysols.com>
Organization: Cyber Solutions Inc.
To: "'snort-users@lists.sourceforge.net'" <snort-users@lists.sourceforge.net>

Hi Folks,

       Sincere apologies for the delay in getting this thing out. The SnortSnmp module compatible with snort-2.0.0 is ready. I have tried it on the following platforms

        Solaris[ucd-snmp-4.2.*],
        FreeBSD[ucd-snmp-4.2.* and net-snmp-5.0.*]
        Linux  [net-snmp-5.0.*].

It seems to be working without problems.

The software is available from
http://www.cysol.co.jp/contrib/snortsnmp/SnortSnmp-2.0.0-01.gz

Let me know if there are problems.


Thanks and Cheers

         Glenn

PS.
Excerpts from README.SNMP

Introduction.

       The snortSnmpPlugin enables snort to send snmp alerts to network
       management systems (NMS). The alerts can be traps (the alert will
       not be acknowledged by the receiver) or informs (the alert will be
       acknowledged by the receiver).
       This adds significant power to the NMS by allowing it to monitor the
       security of the network. It also allows the snort sensor to exploit
       the features that are built into existing network management systems.

Requirements:
       The plugin requires the net-snmp (or ucd-snmp) libraries and header files.

       You will need to download and install the net-snmp (ucd-snmp)
       package before you try to install this plugin. The package can be
       downloaded from 
http://net-snmp.sourceforge.net/

       You will need the latest snort source distribution.

Activation Steps:

        NOTE: The MIB files in the etc directory
              etc/SnortCommonMIB.txt
              etc/SnortIDAlertMIB.txt

          need to be referred to by snmp applications.

              [Otherwise the OID-to-name translation will not take place]
              refer to the snmpcmd manpages [do 'man snmpcmd'] for further details.


     0. Build the Snmp enabled snort package.
        Download the SnortSnmpModule.
        uncompress and untar - it will contain
              README.SNMP                    -- This file
              SnortSnmpPatch-.gz.   -- Patch to build the Snmp enabled snort

        In the Snort home directory  (this is where snort is gunzipped and untarred)
        apply the patch SnortSnmpPatch e.g.

              zcat SnortSnmpPatch-2.0-01.gz | patch -c

        This will update the following files
              configure.in
              Makefile.am
              src/plugbase.c
              etc/snort.conf

        It will create the following files
              doc/README.SNMP
              etc/SnortCommonMIB.txt
              etc/SnortIDAlertMIB.txt
              src/output-plugins/spo_SnmpTrap.c
              src/output-plugins/spo_SnmpTrap.h

     1. follow the usual steps to build the package
              ./configure --with-snmp --with-openssl
              make
              su
              make install

....
....




Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Tue May 27 18:58:25 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:05 EDT

