readme-snmp

入侵检测系统.linux下与MySql连用的例子

Introduction.
   The snortSnmpPlugin enables snort to send snmp alerts to the network
   managemement systems (NMS). The alerts can be traps (the alert will 
   not be acknlowledged by the receiver) or informs (the alert will be
   acknowledged by the receiver ). 
   This adds significant power to the NMS by allowing it to monitor the
   security of the network. It also allows the snort sensor to exploit
   the features that are built into existing network management systems. 

Requirements:
   The plugin requires the net-snmp libraries and header files.  
   
   You will need to download and install the ucd-snmp (netSnmp)
   package before you try to install this plugin.
   The URL is http://net-snmp.sourceforge.net/

   You will need the latest snort source distribution.

Activation Steps:
     
    NOTE: That the files in MIBS need to be referred to by snmp applications.
          [Otherwise the OID to name translation will not take place]
          refer to the snmpcmd manpages for further details.
      
 1. follow the usual steps to build the package
        
          ./configure --with-snmp
          make
          super
          make install 
    NOTE-WELL: The '--with-snmp' option is required if you want to build
               with the snortSnmpPlugin

 2. Prepare the snort.conf which defines the snort run-time configuration
      Important: You need to enable the SnmpTrap plugin in the snort.conf
                 or whatever configuration file you pass on to snort.
      the supplied snort.conf file contains the sample line
      # The parameters for the SnmpTrap plugin module are
      #  alert, <sensorID>, {trap|inform} -v <SnmpVersion> -p <portNumber>
      #         <hostName> <community>
      output trap_snmp: alert, 7, trap -v 2c -p 162  myTrapListener myCommunity 
      #


      Note. As of now SNMPv1 traps are not supported. SNMPv2 and above should 
            work. You will need to specify the parameters correctly.
            The paremeters after the trap[inform] are pretty much the same as 
            those that are accepted on the commandline by netSnmp applications.
            To see the options and features do a man snmptrapd.

            If you choose to send traps [informs] - you should ensure that a 
            SnmpTrapListener is listening for the traps[informs] on the 
            destination (<hostName>) at the specified port (<portNumber>).
            If Snmptrapd is not running - you can try 
                      snmptrapd -P -p <portNo> 
            on <hostname>. This will work if you have the NetSnmp package 
            installed on <hostname>. 
            The received alerts will get printed on the console. 
           

  You are all set. Start snort !
  If you have problems / queries / suggestion - mail to snortSnmp@cysols.com