
Cyber Solutions is pleased to present upgrade patches for the snortSnmpPlugin. The following patches are available.

The latest version of SnortSnmp:

Patch file                   README.SNMP   snort version
SnortSnmpMod-2.2.0-02.tgz    README.SNMP   2.2.0

Changes for snort-2.2.0 #01

1. Modifications for smooth configuration and building with snort-2.2.0
2. Fixes in the packetPrint generation routines
3. Fixes in the README.SNMP

Download "NetSkate AlertReceiver" to receive and display the SNMP trap for FREE. Download here.


Other versions
Patch file                   README.SNMP   snort version
SnortSnmpMod-2.2.0-02.tgz    README.SNMP   2.2.0
SnortSnmp-2.1.0.tar.gz       README.SNMP   2.1.0
SnortSnmp-2.0.6.tar.gz       README.SNMP   2.0.6
SnortSnmp-2.0.5.tar.gz       README.SNMP   2.0.5
SnortSnmp-2.0.4.tar.gz       README.SNMP   2.0.4
SnortSnmp-2.0.3.tar.gz       README.SNMP   2.0.3
SnortSnmp-2.0.2.tar.gz       README.SNMP   2.0.2
SnortSnmp-2.0.1.tar.gz       README.SNMP   2.0.1
SnortSnmp-2.0.0.tar.gz       README.SNMP   2.0.1
SnortSnmp-current.tar.gz     @             current(CVS)


We confirm that this snortSnmp plug-in works on the following platforms:

OS                                             autoconf version   automake version
Red Hat Enterprise Linux Server release 5.3    2.59               1.9.6
Linux RedHat 8                                 2.53               1.6.3
Linux RedHat 9                                 2.53               1.6.3
FreeBSD 4.9-RC                                 2.53               1.5

SnortSnmp installation procedure

  1. Introduction

    The snortSnmpPlugin enables snort to send SNMP alerts to Network Management Systems (NMS). The alerts can be traps (the alert will not be acknowledged by the receiver) or informs (the alert will be acknowledged by the receiver). This adds significant power to the NMS by allowing it to monitor the security of the network. It also allows the snort sensor to exploit the features that are built into existing network management systems.

  2. Requirements

    The plug-in requires the net-snmp libraries and header files. You will need to download and install the ucd-snmp (netSnmp) package before you try to install this plug-in. The URL is http://net-snmp.sourceforge.net. You also need the latest snort source distribution (http://www.snort.org/dl/snort-2.0.5.tar.gz).

  3. Activation Steps

    Generate the SnortSnmp-enabled snort package:

    o  Download the SnortSnmp patch file from the above table
    o  Follow the steps in README.SNMP

    Follow the usual steps to build the package (refer to the README in the package):

    o  ./configure --with-snmp --with-openssl
    o  make
    o  su -c "make install"
    
    IMPORTANT NOTES:
    1. The '--with-snmp' option is required if you want to build with the snortSnmpPlugin
    2. If the net-snmp package is not installed in the /usr/local directory, you need to pass the net-snmp directory to configure as follows:
       ./configure --with-snmp=<PATH_TO_UCDSNMP_INSTALLATION>
      NOTE: a. The compiler may warn about the non-availability of some libraries used by libsnmp. You may try configuring with ./configure --with-snmp --with-openssl
    3. Prepare the snort.conf which defines the snort run-time configuration.

      Important: You need to enable the snortSnmpTrap plugin in snort.conf or in any other snort configuration file. The parameters depend on the SNMP version that is specified. For the SNMPv2c case the parameters are as follows:

      
       # The parameters for the SnmpTrap plugin module are
       #  alert, <SENSORID> {trap|inform} -v <SNMPVERSION> -p <PORTNUMBER>
       #         <HOSTNAME> <COMMUNITY>
       output trap_snmp: alert, 7, trap -v 2c -p 162  myTrapListener myCommunity
                            

      Note: Currently SNMPv1 traps are not supported. SNMPv2 and above should work. You need to specify the parameters correctly. The parameters for trap [inform] are the same as those accepted on the command line by the netSnmp applications. To see the options and features, refer to the snmptrapd man pages.
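
      The following Python check is an added example, not part of the original page or of the SnortSnmp distribution. It lints "output trap_snmp:" lines against the SNMPv2c form shown above and reports the SNMPv1 restriction from the note. The function names, the sample configuration and the warning on the default community strings "public" and "private" are assumptions of this example.

```python
import re

# SNMPv2c form on this page: alert, <SENSORID>, {trap|inform} -v .. -p .. <HOSTNAME> <COMMUNITY>
PREFIX = re.compile(r"^\s*output\s+trap_snmp\s*:")
FORM = re.compile(r"\s*alert\s*,\s*([^,\s]+)\s*,\s*(trap|inform)\s+(.*)$")

def lint_trap_snmp(line):
    """Findings for one snort.conf line; None if it is not a trap_snmp line."""
    prefix = PREFIX.match(line)
    if prefix is None:
        return None  # other directives and commented-out lines
    form = FORM.match(line, prefix.end())
    if form is None:
        return ["error: expected 'alert, <SENSORID>, {trap|inform} ...'"]
    opts, positional, rest = {}, [], form.group(3).split()
    while rest:
        tok = rest.pop(0)
        if tok in ("-v", "-p") and rest:
            opts[tok] = rest.pop(0)
        else:
            positional.append(tok)
    findings = []
    if opts.get("-v") == "1":
        findings.append("error: SNMPv1 traps are not supported by the plug-in")
    elif opts.get("-v") != "2c":
        return ["skipped: not the SNMPv2c form, parameters differ"]
    port = opts.get("-p", "")
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        findings.append("error: -p <PORTNUMBER> missing or outside 1-65535")
    if len(positional) != 2:
        findings.append("error: expected <HOSTNAME> <COMMUNITY> after options")
    elif positional[1].lower() in ("public", "private"):  # check added here
        findings.append("warning: well-known default community string")
    if form.group(2) == "trap":
        findings.append("note: traps are not acknowledged by the receiver")
    return findings

def lint_conf(text):
    """Lint a snort.conf body; returns a list of (line number, finding)."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            for f in lint_trap_snmp(line) or []]

# Constructed sample configuration; host and community values are made up.
SAMPLE = """\
output trap_snmp: alert, 7, trap -v 2c -p 162  myTrapListener myCommunity
output trap_snmp: alert, 8, inform -v 2c -p 162 nms.example.net public
output trap_snmp: alert, 9, trap -v 1 -p 162 nms.example.net myCommunity
"""
if __name__ == "__main__":
    print(*lint_conf(SAMPLE), sep="\n")
```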

    If you choose to send traps [informs], you should ensure that a SnmpTrapListener is listening for the traps [informs] on the destination (<HOSTNAME>) at the specified port (<PORTNUMBER>). If snmptrapd is not running, you can try snmptrapd -P -p <PORTNUMBER> on <HOSTNAME>. This will work if you have the ucd-snmp package installed on <HOSTNAME>. The received alerts will be printed on the console.

     snmptrapd -P -p <PORTNUMBER> (ucd-snmp)
     snmptrapd -P -p udp:<PORTNUMBER> (net-snmp)
                        
    You are all set. Start snort !

    # We do not support HOW-TO use SnortSNMP or HOW-TO install.

If you have problems / queries / suggestions - mail to snortSnmp@cysols.com
A rudimentary guide to SnortSNMP is here.

Copyright © 1997-2010 Cyber Solutions Inc., All rights reserved.