Snort mailing list archives

IDScenter (v1.09) problems smmarized

From: Rich Adamson <radamson () routers com>
Date: Mon, 17 Dec 2001 06:53:15 -0600

Windows users only...

The IDScenter (v1.09) does not function properly given the latest
SourceFire windows distribution of Snort (v1.8.3) due to:

1. The SourceFire installation now places the executables in the
   "\Program Files\Sourcefire\Snort" tree. The IDScenter software
   does not quote the -c option (as in "\Program Files\...."), which
   snort then parses as "\Proram" due the the space in the directory
   name.

2. The IDScenter button "Creat script" assumes that itself and snort
   reside on the C: drive.  On a dual-boot system where Win2k is 
   installed on the E: drive, the create script consistently inserts
   the C: drive designator where the E: drive has been specified. 
   In addition, IDScenter forces the "Snort Commandline" to the
   "Program Files" location (regardless of what has been specified).
   The Snort Commandline is displayed as Read-Only, not allowing
   the user to correct the readily observed problems. As a result, 
   since the script cannot be generated the IDScenter can never 
   start Snort.

3. Given the above, if one can persude the Create Script funtion to
   acknowledge file locations, executing the "Test Configuration"
   results in a command-line window opening with Snort objecting to
   not finding the snort.conf file (due to #1 above). Exiting this
   command window causes the IDScenter to abort without recording
   any of the previously entered settings. Starting IDScenter again
   creates all new default values (as opposed to using the previously
   defined parameters).

The above errors have been reported to the author at iuk () gmx ch as
of this morning.

There are no known work arounds. The normal Add/Remove programs 
(control panel) will not remove IDScenter from the system without 
first rebooting the system. Presumably this is due to the IDScenter 
not stopping properly, leaving the software executing without a 
tray icon giving one the impression that it actually had been 
stopped.

Rich



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

IDScenter (v1.09) problems smmarized Rich Adamson (Dec 17)
- Re: IDScenter (v1.09) problems smmarized Dragos Ruiu (Dec 19)
  - Re: IDScenter (v1.09) problems smmarized Chr. v. Stuckrad (Dec 20)