Snort mailing list archives
RE: RE: Installing SNORT 1.8.3 on win2k server
From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
Date: Wed, 13 Mar 2002 09:29:37 -0600
Or, you could just as easily put the Path in quotes... works fine for me on our win2k machines. -----Original Message----- From: Y P Chien [mailto:ypchien () ssi com] Sent: Monday, March 11, 2002 11:12 PM To: Dragos Ruiu; Michael Steele Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] RE: Installing SNORT 1.8.3 on win2k server Hi Gentlemen: Thank you for the immediate attention I got. This really surprises me because I don't even get this kind of timely and detailed response from some of the commercial product support! Anyway, I sort of figure out by reading almost all the posted replies at the Snort discussion forum. This is what I found out: 1. Snort command just can't handle directory path with spaces. E.g. C:/Program File/Sourcefires/snort which is the default installation path. So you need to install Snort on directory path without spaces. Then, you need to manually change these settings in the IDEcenter. 2. After changing the default installation path and all the corresponding paths, I installed Snort on D:\Sourcefire. I was able to run the test script fine except it complains at the end that it has some problem with the rule sets. Which is my next project to find out what I need to do to make it perfect. Looks like it is working so far except with the rule sets. 3. By the way, I am very interested in the Snort appliance which Silicondefense and Sorucefire are currently marketing. However, I was not able to get any response from Sourcefire. I do have some clients which I am doing some consulting in Asia whom are in need of such device. Please help. I will come back to get more help once I start looking at configuring the rule sets for my system. Thanks for your help. YP -----Original Message----- From: Dragos Ruiu [mailto:dr () kyx net] Sent: Monday, March 11, 2002 12:54 PM To: Michael Steele Cc: Y P Chien; snort-users () lists sourceforge net Subject: Re: [Snort-users] RE: Installing SNORT 1.8.3 on win2k server This advice from Michael is incorrect. The latest version of pcap is superior in stability to the old one. Sorry to dissapoint Michael and the guys at silidef, but this does not look like a problem with the installer. You are seeing this error message because of some of the settings in IDScenter. When I built the combined Win32 installer that is distributed on snort.org, I tried to compensate for new users by preloading some registry keys with common default values and settings for IDScenter so it might have a hope of working out of the box without configuration. This falls short in some areas (like if you have your Program Files directory on a drive other C: for instance) and you may have to fiddle with the IDScenter settings to make it work for your particular setup (which you would have had to do anyway if you had installed the components yourself separately). I am trying to further improve some of these settings on the next release of the Win32 installer which will be out released after some more testing. Though I cannot ascertain exactly what settings are incorrect from your error message, I would suspect you might want to look at what you might have your interface setting at under the IDScenter general setup screen. Send me some e-mail directly and I can try to help you work through this issue. Another option you might want to try is debugging your setup using the command line version of snort. Send me some more information about your ssetup and results and let's see what we can figure out about your problem. cheers, --dr On Mon, 11 Mar 2002 18:56:00 -0800 "Michael Steele" <michaels () silicondefense com> wrote:
YP, This is an installation from Sourcefire. You might want to contact Marty and find out why? I would be more then happy to help you if you
were using the installation documentation written by me located on our
website as I have never installed the Sourcefire installation. It's usually a problem with WinPcap. You might try going back one version (2.2 Non Beta). - Mike Commercial Snort Support <<->> 1.866.41.SNORT Silicon Defense -- <www.silicondefense.com> Home of the new SENTRUS Snort sensor! Michael Steele - Snort Support Technician -----Original Message----- From: Y P Chien [mailto:ypchien () ssi com] Sent: Monday, March 11, 2002 4:30 PM To: michaels () silicondefense com Subject: Installing SNORT 1.8.3 on win2k server Dear Sir: I saw your email address and post replies on Snort discussion forum. It seems that I have the similar problems that most users have with installing Snort on Win2K system. I am trying to install Snort on a Win2K server with SP2. I am using WinPcap 2.3 beta. I am getting the following errors: Initializing Network Interface \ ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program Files\Sourcefire\Snort -A full -h any Fatal Error, Quitting.. Please help. YP
-- --dr pgpkey: http://dragos.com/dr-dursec.asc CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: RE: Installing SNORT 1.8.3 on win2k server, (continued)
- Re: RE: Installing SNORT 1.8.3 on win2k server Andrew R. Baker (Mar 13)
- Re: RE: Installing SNORT 1.8.3 on win2k server Martin Roesch (Mar 13)
- RE: RE: Installing SNORT 1.8.3 on win2k server Ofir Arkin (Mar 13)
- List Usage Mike Poor (Mar 13)
- Re: RE: Installing SNORT 1.8.3 on win2k server Dragos Ruiu (Mar 12)
- RE: RE: Installing SNORT 1.8.3 on win2k server C . Prickaerts (Mar 11)
- Re: RE: Installing SNORT 1.8.3 on win2k server John Sage (Mar 12)
- Fw: Re: RE: Installing SNORT 1.8.3 on win2k server Dragos Ruiu (Mar 12)
- RE: RE: Installing SNORT 1.8.3 on win2k server Y P Chien (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server Dragos Ruiu (Mar 12)
- RE: RE: Installing SNORT 1.8.3 on win2k server Kreimendahl, Chad J (Mar 13)