Snort mailing list archives
RE: Syslog,MySql, IDS Center /Eagle X
From: "McBurnett, Jim" <jmcburnett () msmgmt com>
Date: Mon, 19 May 2003 14:01:49 -0400
Okay, This is what I am getting.. This seems weird.. But it must be a PCAP issue.... Thoughts??

Jim

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -i 2 -d -e -y -s 127.0.0.1:514
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\NPF_{150F8050-7325-4DAF-A177-662A51C877E9}
ERROR: OpenPcap() FSM compilation failed:
PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -i 2 -d -e -y -s "127.0.0.1:514"
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\NPF_{150F8050-7325-4DAF-A177-662A51C877E9}
ERROR: OpenPcap() FSM compilation failed:
PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -s 127.0.0.1:514 -i 2 -d -e -y
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\NPF_{C174027D-4189-497B-8143-E5FA7A9557F5}
ERROR: OpenPcap() FSM compilation failed:
PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -s 127.0.0.1:514 -i 2 -d -e -y
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\Packet_{C174027D-4189-497B-8143-E5FA7A9557F5}
ERROR: OpenPcap() FSM compilation failed:
PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>

-----Original Message-----
From: Ueli Kistler [mailto:iuk () gmx ch]
Sent: Monday, May 19, 2003 1:04 PM
To: McBurnett, Jim
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Syslog,MySql, IDS Center /Eagle X

Hello

McBurnett, Jim wrote:

> Ok all,
> I have searched all the archives, googled this to death and I am still
> drawing a blank.. I know I am missing something.
> I am running this on a Windows XP, Fresh install, norton AV.
> System is running a 2.6 Ghz P4 with 512M RAM..
> Started with the Eagle X package. MySql, ACID it all works great...

sure, but it's old.. at least update to Snort 2.0.. update will be available soon after putting online the new website: www.engagesecurity.com

> I tried to add Syslog to it and Bingo-- It crashes every time it sends
> a message.. I tried to send to an external syslog.. no go.
> I tried an on Machine Syslog. No go..
> System has 3 NICS, and I am using the 2nd NIC.

Snort 2.0 has a broken syslog support (i think.. correct me if i should be wrong .. but i don't think so)
note that snort always tries to bind the socket to NIC 1!
You must have -s option activated ("Log settings"->"Logging parameters".. Type hostname of the syslog server)

> I thought maybe it was an issue with Snort 1.9. So I updated
> to Snort 2.0

no .. activate "-s" option AND add an output plugin (syslog output plugin) in the output plugin wizard

> No go, same problem, but now the snort service won't even start with Syslog enabled
> There is nothing in the Event log of relevance, the Test of
> the Config looks fine.
> I can post or email offlist the config file if anyone is willing to help me...
> Does anyone have any ideas?

Don't bother Chris Reid .. i'm sure he's working on this (or perhaps not) ;)

> Thanks,
> Jim

Regards,
Ueli Kistler
eclipse () engagesecurity com
www.engagesecurity.com (soon online)
Current thread:
- Syslog,MySql, IDS Center /Eagle X McBurnett, Jim (May 19)
- Re: Syslog,MySql, IDS Center /Eagle X Ueli Kistler (May 19)
- Re: Syslog,MySql, IDS Center /Eagle X Ueli Kistler (May 19)
- <Possible follow-ups>
- RE: Syslog,MySql, IDS Center /Eagle X McBurnett, Jim (May 19)