Snort mailing list archives
RE: Snort Install--Win2K
From: "Michael Steele" <michaels () silicondefense com>
Date: Mon, 8 Apr 2002 12:04:43 -0700
Mike,

Looks like a direction problem connected to your rules files. Make sure you have placed the exact path to the rules files in your snort.conf.

Include c:\snort\rules\porn.rules
Include c:\snort\rules\classification.config

Note: Your path may differ.

- Michael Steele -
michaels () silicondefense com

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Whaley, Mike
Sent: April 3, 2002 5:00 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort Install--Win2K

Hello,

I did this last night on my machine and snort is working wonderfully, no problems. Well, today I decided to install snort on a dedicated win2k box, fresh install. The error is at the very bottom of this when I type in the Snort -c C:\Snort\Snort.conf -l C:\Snort\Logs -i1 to create the alert.ids file in c:\snort\logs. Any suggestions?

Thanks for your help.

Mike Whaley

C:\snort>snort -W

-*> Snort! <*-
Version 1.8.3-MySQL-WIN32 (Build 92)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-Win32 Port Compiled By Michael Steele (michaels () silicondefense com, www.silicondefense.com) (based on code from 1.7 port)

Interface    Device    Description
-------------------------------------------
1    \Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343} (3Com EtherLink PCI)
2    \Device\Packet_NdisWanIp (NdisWan Adapter)

------------------------------------------------------------------------

C:\snort>snort -v -i1
Log directory = log

Initializing Network Interface \

--== Initializing Snort ==--
Checking PID path...
PID stat checked out ok, PID set to C:\snort
Writing PID file to "C:\snort"
Decoding Ethernet on interface \Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343}

--== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.3-MySQL-WIN32 (Build 92)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-Win32 Port Compiled By Michael Steele (michaels () silicondefense com, www.silicondefense.com) (based on code from 1.7 port)

04/03-17:40:14.718322 ARP who-has 0.0.0.0 tell 0.0.0.0
04/03-17:40:14.721750 ARP who-has 0.0.0.0 tell 0.0.0.0
04/03-17:40:15.452724 172.xx.xx.xxx:xxx -> 172.xx.xxx.xxx:xxx
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:135 DF
Len: 115

....And so on...And so on.

------------------------------------------------------------------------

C:\snort>snort -c c:\snort\snort.conf -l c:\snort\logs -i1
Log directory = c:\snort\logs

Initializing Network Interface \

--== Initializing Snort ==--
Decoding Ethernet on interface \Device\Packet_{xxxxxxx-EF5D-42A6-A5E6-F5079A846343}
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file c:\snort\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
    Reassemble client: ACTIVE
    Reassemble server: INACTIVE
    Reassemble ports: 21 23 25 53 80 143 110 111 513
    Reassembly alerts: ACTIVE
    Reassembly method: FAVOR_OLD
Back Orifice detection brute force: DISABLED
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: database name = snort
database: host = localhost
database: sensor name = XXXXXX:\Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343}
database: sensor id = 1
database: schema version = 104
database: using the "log" facility
ERROR: Unable to open rules file: ./ or ././
Fatal Error, Quitting..
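As an added pre-flight check for the include-path problem Michael Steele points at (example code written for this page, not code from the thread or from the Snort project): a small Python script that parses the include lines of a snort.conf, expands var names, and reports which rules files do not resolve from the directory Snort is started in, so the "Unable to open rules file" failure is caught before snort is run. It assumes Snort opens a relative include path from that start directory, matches the keywords case-insensitively, and stands in a constructed temporary directory for c:\snort.

```python
"""Pre-flight check for snort.conf include paths (added example).

Assumption: a relative ``include`` path is opened from the directory snort is
started in, which is how a rules file that exists on disk can still fail with
"ERROR: Unable to open rules file".  Using the exact path, as advised in the
thread, makes the include independent of the start directory.
"""
import re
import tempfile
from pathlib import Path, PureWindowsPath

# Keywords are matched case-insensitively (assumption; the thread writes "Include").
_VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)", re.IGNORECASE)
_INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)", re.IGNORECASE)


def resolve_include(written, variables, start_dir):
    """Expand $VAR references and anchor a relative path at start_dir."""
    expanded = re.sub(r"\$(\w+)",
                      lambda m: variables.get(m.group(1), m.group(0)), written)
    expanded = expanded.replace("\\", "/")   # accept Windows-style separators
    if Path(expanded).is_absolute() or PureWindowsPath(expanded).is_absolute():
        return Path(expanded)
    return Path(start_dir) / expanded


def check_includes(conf_text, start_dir):
    """Return [(include_as_written, resolved_path, exists)] for every include."""
    variables, results = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        if m := _VAR_RE.match(line):
            variables[m.group(1)] = m.group(2)
        elif m := _INCLUDE_RE.match(line):
            resolved = resolve_include(m.group(1), variables, start_dir)
            results.append((m.group(1), resolved, resolved.is_file()))
    return results


def demo():
    """Constructed c:\\snort-style tree; the same conf checked from two start dirs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "snort"
        (root / "rules").mkdir(parents=True)
        for name in ("porn.rules", "classification.config"):
            (root / "rules" / name).write_text("# constructed sample file\n")
        conf = ("var RULE_PATH rules\n"
                "include $RULE_PATH/porn.rules\n"                 # relative, via var
                "Include rules\\classification.config\n"          # relative, Windows style
                f"include {root.as_posix()}/rules/porn.rules\n"  # exact path, as advised
                "include rules/missing.rules\n")                  # misspelt: never resolves
        return {"from_snort_dir": [ok for _, _, ok in check_includes(conf, root)],
                "from_parent_dir": [ok for _, _, ok in check_includes(conf, tmp)]}
```

Run against a real snort.conf, `check_includes(Path("snort.conf").read_text(), Path.cwd())` lists every include that would fail from the current directory; only the exact-path include survives a change of start directory.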
Current thread:
- Snort Install--Win2K Whaley, Mike (Apr 03)
- RE: Snort Install--Win2K Michael Steele (Apr 08)