Snort mailing list archives
RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available
From: Rich Adamson <radamson () routers com>
Date: Wed, 10 Jul 2002 12:20:29 -0600
Michael,
Ok, I removed it. There was a lot of confusion on those last two updates. Regarding the error, can you please report the error to the developers list?
Okay.
We have stream 4 operational with MySQL logging. What are you using in your Snort.conf file for Stream 4?
Nothing. preprocessor frag2 is included (all snort.conf entries are the default values included in the Stable zipped file with the exceptions of Home_Net and External_Net).
What do you mean "will gpf at selected intervals"?
The machine will either reboot, or, lock up to the point of having to use the power switch. It happens at irregular intervals causing me to believe the issue relates to external_net alerts. Today, it ran for about 5 minutes once, 30 minutes, 10 minutes, etc, before freezing. No visual indication as to what might have happened.
Can this be reproduce?
Yes, but just have to wait for it to occur. Haven't found anything that I can do to cause it as yet. I'll try combinations later today to see if the issue is sensitive to some parameter, etc. (I could load up the source and run it in debug mode, but I'm not a proficient C programmer to know for sure what I'm doing.) Rich
-----Original Message----- From: Rich Adamson [mailto:radamson () routers com] Sent: Wednesday, July 10, 2002 9:05 AM To: Michael Steele Subject: Re: [Snort-users] Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available 7-10-02 Michael, You might want to pull the windows build 127 from your web site. I had downloaded it yesterday, and it gpf'ed frequently. It reported itself as build 128 (snort -V), but was a different size than what is now on your website as the Stable release (also build 128). Also, appears as though Steam4 has a serious issue in Windows. With it functional, Win2kPro (with WinPcap v2.3) will gpf at selected intervals. This is the barebones version with no other snort related applications running except IDScenter v1.09beta. After disabling Stream4, I've not seen any gpf's (as yet). I've not reported this anywhere else other than this email. Rich Adamson radamson () routers com ------------------------ From: Michael Steele <michaels () silicondefense com> Subject: [Snort-users] Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Date: Tue, 9 Jul 2002 10:18:36 -0700 To: snort-users () lists sourceforge netTo all Windows users of Snort: Sorry for the confusion as I released Snort 1.87b127 the same day as Snort 1.8.7b128 was being released as the OFFICIAL "Snort 1.8.7 STABLE RELEASE". Please read all the notices below. The latest 1.8.7 STABLE binaries have been compiled and are now available on our site. There are now 6 flavors available: Snort-1.8.7-Win32_Barebones_Release Snort-1.8.7-Win32_Flexresp_Release Snort-1.8.7-Win32_MySQL_Flexresp_Release Snort-1.8.7-Win32_MySQL_MSSQL_Flexresp_Release Snort-1.8.7-Win32_MySQL_MSSQL_Release Snort-1.8.7-Win32_MySQL_Release NOTICE: There are now NEW options in stream4 and frag2 and to update your config files accordingly. This is the OFFICIAL Stable Release of Snort 1.8.7, so it would be wise to update your complete Snort install and copy back your custom settings to the new Snort.conf and any other files you may have customized. NOTICE: The "Run as Service" has been compiled into this update, andisONLY available for the following Windows environments: 1. 2000 Professional / 2000 Server Family 2. XP Pro / XP .NET Server Family 3. NT Server 4 (latest service pack). The basic usage is as follows: Note: COMPLETELY remove any previous installation of Snort running asaservice, even Registry settings, then reboot. If you have any concerns or questions, please don't hesitate to email me. There are three command switches that Snort uses for the Service activation. /SERVICE /INSTALL /SERVICE /UNINSTALL /SERVICE /SHOW Explanation of Service options: CAUTION: All the switches MUST be used from the folder that Snort is located in. If Snort is located in C:\Snort then navigate to thatfolderand type the command from there. This will install Snort as a service with the specified parameters: "snort /SERVICE /INSTALL -de -c <FULL PATH>\snort.conf -l <FULL PATH>\logs" This will remove snort as a service: "snort /SERVICE /UNINSTALL" This will display the parameters: "snort /SERVICES /SHOW From the Start Menu go to Programs / Administrative Tools and Open the Services applet in Administrative Tools. Select Snort from theserviceswindow, right click on Snort, choose Properties, and under startuptypeselect Automatic (this will allow snort to be active when there is no one logged on). Note: If you want to stop or start the service from a command prompt type: "net stop snortsvc" "net start snortsvc" Note: If you want to change the parameters then you must: Take Snort down: net stop snortsvc snort /SERVICE /UNINSTALL snort /SERVICE /INSTALL < NEW PARAMETERS > Bring Snort back up: net start snortsvc A Big THANK YOU to Chris Reid for this... NOTICE: The latest WinPcap has gone gold! Version 2.3 http://netgroup-serv.polito.it/winpcap/ NOTICE: LibnetNT.dll can be found at: http://www.securitybugware.org/libnetnt/ NOTICE to all our clients: We will ONLY be supporting the STABLE RELEASES of Snort 1.7.1, Snort 1.8.1, Snort 1.8.2, 1.8.3, 1.86, and1.87at this time. Link to Downloads: http://www.silicondefense.com/techsupport/downloads.htm Link to Documentation: http://www.silicondefense.com/techsupport/windows.htm -Michael -- Michael Steele | System Engineer / Support Technician mailto:michaels () silicondefense com Silicon Defense: IDS solutions - http://www.silicondefense.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users---------------End of Original Message-----------------
---------------End of Original Message----------------- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Two, two, TWO treats in one. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Michael Steele (Jul 09)
- RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Don (Jul 10)
- RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Michael Steele (Jul 10)
- <Possible follow-ups>
- RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Michael Steele (Jul 10)
- RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Rich Adamson (Jul 10)
- RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Michael Steele (Jul 10)
- RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Rich Adamson (Jul 10)
- RE: Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available Don (Jul 10)