Snort mailing list archives

Snort Install--Win2K


From: "Whaley, Mike" <mwhaley () rightnow com>
Date: Wed, 3 Apr 2002 17:59:47 -0700

Hello,
 
I did this last night on my machine and snort is working wonderfully, no
problems.  Well, today I decided to install snort on a dedicated win2k box,
fresh install.  The error is at the very bottom of this when I type in the
Snort -c C:\Snort\Snort.conf -l C:\Snort\Logs -i1 to create the alert.ids
file in c:\snort\logs.  Any suggestions?  Thanks for your help.
 
Mike Whaley
 
C:\snort>snort -W
 
-*> Snort! <*-
Version 1.8.3-MySQL-WIN32 (Build 92)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net,
www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-Win32 Port Compiled By Michael Steele (michaels () silicondefense com,
www.silicondefense.com)
          (based on code from 1.7 port)
 
Interface       Device          Description
-------------------------------------------
1  \Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343} (3Com EtherLink PCI)
2 \Device\Packet_NdisWanIp (NdisWan Adapter)
 
 
----------------------------------------------------------------------------
 
 
C:\snort>snort -v -i1
Log directory = log
 
Initializing Network Interface \
 
        --== Initializing Snort ==--
Checking PID path...
PID stat checked out ok, PID set to C:\snort
Writing PID file to "C:\snort"
Decoding Ethernet on interface \Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343}
 
        --== Initialization Complete ==--
 
-*> Snort! <*-
Version 1.8.3-MySQL-WIN32 (Build 92)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net,
www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-Win32 Port Compiled By Michael Steele (michaels () silicondefense com,
www.silicondefense.com)
          (based on code from 1.7 port)
04/03-17:40:14.718322 ARP who-has 0.0.0.0 tell 0.0.0.0
 
04/03-17:40:14.721750 ARP who-has 0.0.0.0 tell 0.0.0.0
 
04/03-17:40:15.452724 172.xx.xx.xxx:xxx -> 172.xx.xxx.xxx:xxx
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:135 DF
Len: 115........And so on.....And so on...
 
----------------------------------------------------------------------------
C:\snort>snort -c c:\snort\snort.conf -l c:\snort\logs -i1
Log directory = c:\snort\logs
 
Initializing Network Interface \
 
        --== Initializing Snort ==--
Decoding Ethernet on interface \Device\Packet_{xxxxxxx-EF5D-42A6-A5E6-F5079A846343}
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file c:\snort\snort.conf
 
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
Back Orifice detection brute force: DISABLED
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = XXXXXX:\Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343}
 
database:     sensor id = 1
database: schema version = 104
database: using the "log" facility
ERROR: Unable to open rules file: ./ or ././
Fatal Error, Quitting..
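The last line of the output names the path Snort actually tried to open ("./" and "././"), which is what an `include` line resolved to after variable expansion. A quick way to narrow such a failure down before re-running Snort is to resolve every `var`/`include` line of snort.conf the same way and report which rule files cannot be found. The script below is an added example written for this page; it is not Snort's own code and not the poster's. It assumes Snort 1.x `var NAME VALUE` and `include PATH` syntax with `$NAME` (and, as an assumption, `$(NAME)`) references, and it assumes that a relative include path is tried against the current directory and then against the directory holding snort.conf; it builds a constructed sample configuration in a temporary directory so it runs offline.

```python
"""Resolve the include lines of a Snort 1.x snort.conf and report which rule
files cannot be opened.  Added example, not Snort's own code."""
import os
import re
import tempfile

# "var NAME VALUE" and "include PATH" directives (Snort 1.x syntax).
VAR_RE = re.compile(r'^\s*var\s+(\w+)\s+(\S+)', re.IGNORECASE)
INCLUDE_RE = re.compile(r'^\s*include\s+(\S+)', re.IGNORECASE)
# $NAME or $(NAME) references inside a value ($(NAME) support is an assumption).
REF_RE = re.compile(r'\$\((\w+)\)|\$(\w+)')


def expand(value, variables):
    """Substitute $VAR / $(VAR) references; unknown names are left untouched."""
    def sub(m):
        name = m.group(1) or m.group(2)
        return variables.get(name, m.group(0))
    return REF_RE.sub(sub, value)


def resolve(path, conf_dir):
    """Candidate file names in the order checked: as given (relative to the
    current directory), then relative to the directory holding snort.conf.
    That Snort 1.8 tries exactly these two is an assumption of this example."""
    if os.path.isabs(path):
        return [path]
    return [os.path.normpath(os.path.join(os.getcwd(), path)),
            os.path.normpath(os.path.join(conf_dir, path))]


def check_includes(conf_path):
    """Return a list of (include_as_written, expanded_path, found_at) where
    found_at is the first candidate that exists as a file, or None."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables = {}
    report = []
    with open(conf_path) as fh:
        for raw in fh:
            line = raw.split('#', 1)[0].strip()   # drop comments
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = expand(m.group(2), variables)
                continue
            m = INCLUDE_RE.match(line)
            if m:
                expanded = expand(m.group(1), variables)
                found = None
                if '$' not in expanded:   # an unexpanded variable can never open
                    for cand in resolve(expanded, conf_dir):
                        if os.path.isfile(cand):
                            found = cand
                            break
                report.append((m.group(1), expanded, found))
    return report


def demo():
    """Constructed sample: RULE_PATH points at a directory that holds only one
    of the two included rule files, plus an include using an undefined var."""
    root = tempfile.mkdtemp(prefix='snortconf-')
    os.makedirs(os.path.join(root, 'rules'))
    with open(os.path.join(root, 'rules', 'local.rules'), 'w') as fh:
        fh.write('alert tcp any any -> any 23 (msg:"telnet"; sid:1000001;)\n')
    conf = os.path.join(root, 'snort.conf')
    with open(conf, 'w') as fh:
        fh.write('var RULE_PATH rules   # relative path, as in shipped configs\n'
                 'include $RULE_PATH/local.rules\n'
                 'include $RULE_PATH/missing.rules\n'
                 'include $NOT_DEFINED/x.rules\n')
    return check_includes(conf)


if __name__ == '__main__':
    for written, expanded, found in demo():
        status = 'OK  ' if found else 'MISSING'
        print('%s %-30s -> %s' % (status, written, found or expanded))
```

Run it from the same directory you start Snort from, since a relative RULE_PATH is judged against the current directory first; an include that expands to a bare directory or to an unexpanded `$VAR` shows up as MISSING with the expanded string, which is the same string Snort prints in its "Unable to open rules file" error.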
