Activation Steps
Generate the SnortSnmp enabled snort package:
o Download the SnortSnmp patch file from the above table
o Follow the steps in README.SNMP
Follow the usual steps to build the package (refer to the README in the package)
o ./configure
o make
o su -c "make install"
IMPORTANT NOTES:
- Prepare the snort.conf which defines the snort run-time configuration.
Important: You need to enable the snortSnmpTrap plugin in snort.conf or in any other snort configuration file. The parameters depend on the SNMP version that is specified. For the SNMPv2c case the parameters are as follows:
# The parameters for the SnmpTrap plugin module are
# alert, <SENSORID>, {trap|inform} -v <SNMPVERSION> -c <COMMUNITY>
# <HOSTNAME>:<PORTNUMBER>
output trap_snmp: alert, 7, trap -v 2c -c myCommunity myTrapListener:162
Note: SNMPv1 traps are currently not supported. SNMPv2 and above should work. You need to specify the parameters correctly. The parameters for trap [inform] are the same as those accepted on the command line by net-snmp applications. To see the options and features, refer to the snmptrapd man pages.
If you choose to send traps [informs], you should ensure that a SnmpTrapListener is listening for the traps [informs] on the destination (<HOSTNAME>) at the specified port (<PORTNUMBER>). If snmptrapd is not running, you can try snmptrapd -P -p <PORTNUMBER> on <HOSTNAME>. This will work if you have the ucd-snmp package installed on <HOSTNAME>. The received alerts will be printed on the console.
snmptrapd -P -p <PORTNUMBER> (ucd-snmp)
snmptrapd -f -Le udp:162 (net-snmp)
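Before starting snort, the trap_snmp line can be checked against the rules stated above. The script below is an added example, not part of the SnortSnmp package: check_trap_snmp and its messages are hypothetical names, it covers only the SNMPv2c form shown on this page, and it assumes an explicit port is required. The warning about default community strings is an extra hardening check that this page does not itself state.

```python
import re
import shlex

# Form of the page's example: alert, <SENSORID>, {trap|inform} -v <V> -c <COMMUNITY> <HOSTNAME>:<PORTNUMBER>
DIRECTIVE = re.compile(r"^\s*output\s+trap_snmp\s*:\s*(.*)$")
DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings

def check_trap_snmp(conf_text):
    """Return (settings, problems) for the first active trap_snmp line."""
    match = next(filter(None, map(DIRECTIVE.match, conf_text.splitlines())), None)
    if match is None:  # commented-out lines do not count as enabled
        return None, ["no active 'output trap_snmp:' line, plugin is not enabled"]
    fields = [f.strip() for f in match.group(1).split(",", 2)]
    if len(fields) != 3 or fields[0] != "alert":
        return None, ["expected 'alert, <SENSORID>, {trap|inform} ...'"]
    tokens = shlex.split(fields[2]) or [""]
    mode, args, opts, dest, i = tokens[0], tokens[1:], {}, "", 0
    while i < len(args):
        if args[i] in ("-v", "-c") and i + 1 < len(args):
            opts[args[i]] = args[i + 1]
            i += 2
        else:
            dest = args[i]  # last non-option token is the destination
            i += 1
    host, _, port = dest.rpartition(":")
    version, community = opts.get("-v"), opts.get("-c")
    problems = []
    if mode not in ("trap", "inform"):
        problems.append(f"mode must be trap or inform, got {mode!r}")
    if version is None:
        problems.append("missing -v <SNMPVERSION>")
    elif version == "1":
        problems.append("SNMPv1 traps are not supported, use 2c or above")
    if version == "2c" and community is None:
        problems.append("missing -c <COMMUNITY> for SNMPv2c")
    if community in DEFAULT_COMMUNITIES:
        problems.append("community is a well-known default string")
    if not host or not port.isdecimal() or not 0 < int(port) < 65536:
        problems.append(f"destination {dest!r} is not <HOSTNAME>:<PORTNUMBER>")
    settings = {"sensor_id": fields[1], "mode": mode, "version": version,
                "community": community, "destination": dest}
    return settings, problems

# Constructed sample input: the page's example line and a broken variant.
GOOD = "output trap_snmp: alert, 7, trap -v 2c -c myCommunity myTrapListener:162"
BAD = "# output trap_snmp: alert, 7, trap\noutput trap_snmp: alert, 7, trap -v 1 -c public myTrapListener"
if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_trap_snmp(sample))
```

To check a real file, pass its contents, for example check_trap_snmp(open("snort.conf").read()); an empty problem list means the line matches the form shown above.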
You are all set. Start snort!
# We do not support HOW-TO use SnortSNMP or HOW-TO install.