Snort mailing list archives

Re: Win32 snort crashing when -A not used


From: Rich Adamson <radamson () routers com>
Date: Wed, 10 Jul 2002 09:13:07 -0600

    I'm seeing the same thing on Win2k using version 1.8.7beta5-ODBC-Win32 (build 128)
    barebones_release with the just-downloaded-and-installed WinPcap v2.3. Two 
    different "crashes"; one rebooted the PC automatically, the other hung the
    machine requiring a power recycle.

A quick check indicated that I was running build 128 (snort -V), however it must have
been something else as I just downloaded the v1.8.7 STABLE code, and it is a 
"different" size executable but still reports build 128. Not sure what the differences
are, but this stable release has now been running about twice as long as the
previous implementation without crashing the system (still running).

    I also installed IDScenter 1.09 beta2, and it too has a couple of bugs including:
      a. no way to "see" how to set the -A flag,

Log settings -> Log parameters -> Set alert mode

Found it! Thanks
 
      b. IDScenter complains about a missing classification file (but then it is
         fine after stopping/restarting IDScenter)

IDS rules -> Rules/Signatures -> .. select the classification.config file
(official Snort distribution classification file). This has to be done ONCE.
This file is usually in the same folder as "Snort.exe"... if not you must give
the correct path of course (like you would do it in Snort.conf manually).

Probably wouldn't hurt to include a readme.txt file that suggests the minimum
steps needed to implement IDScenter with snort. The above step is far less
than obvious.
 
Based on the last 30 minutes of operation, it would appear the snort download
from yesterday had significant stability problems.  The Stable release 
downloaded today has been running well (thus far).

Rich


