Snort mailing list archives

RE: SnortSnarf in Windows


From: "Michael Steele" <michaels () winsnort com>
Date: Tue, 7 Oct 2003 14:27:43 -0700

ISP Problems... :-(

 Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of snort-ml
Sent: Tuesday, October 07, 2003 12:49 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortSnarf in Windows


No problem, but I think I downloaded the guide from winsnort site. Unless
you have updated it in the last few days. By the way your site seems to
have been down all day.

-----Original Message-----
From: Michael Steele [mailto:michaels () winsnort com] 
Sent: Sunday, October 05, 2003 5:00 AM
To: 'snort-ml'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortSnarf in Windows


snort-ml,

I am really sorry for your inconvenience. Please go to my website
(www.winsnort.com) and get the latest documentation. The guide at
www.silicondefense.com has not been updated to correct that error.

This should be a simple fix, but if you have problems please let me know.

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of snort-ml
Sent: Friday, October 03, 2003 9:05 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortSnarf in Windows

Yes I realized after my last post why: I had it configured to log to Event
Viewer instead. But I still get the same error: "SnortFileInput: input file
d:\inetpub\wwwroot\log\alert.ids does not exist; skipping it". Do I need to
copy the one in snort\log to wwwroot\log?

-----Original Message-----
From: Michael Steele [mailto:michaels () winsnort com] 
Sent: Thursday, October 02, 2003 4:35 PM
To: 'snort-ml'
Subject: RE: [Snort-users] SnortSnarf in Windows


Is Snort running?

Do you have an 'output database log ...' in your snort.conf?

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of snort-ml
Sent: Thursday, October 02, 2003 10:48 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortSnarf in Windows


Well I used to have alert.ids in snort\log folder, but not anymore. What
could've happened?

-----Original Message-----
From: snort-ml [mailto:snort-ml () faceit com] 
Sent: Thursday, October 02, 2003 10:50 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortSnarf in Windows


Yes but it was under "Installing and configuring ActivePerl" which I had
skipped because I had already installed ActivePerl.

Ok I got everything working ok, but when I got to "Starting the IDS
SnortSnarf alert console" and ran the command from the command prompt, it
gave me the following error:

"SnortFileInput: input file d:\inetpub\wwwroot\log\alert.ids does not exist;
skipping it"

Do I need to copy the alert.ids to this folder?


-----Original Message-----
From: Michael Steele [mailto:michaels () winsnort com] 
Sent: Wednesday, October 01, 2003 5:00 PM
To: 'snort-ml'
Subject: RE: [Snort-users] SnortSnarf in Windows


You need to create the folder. Does the guide tell you to?

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-ml [mailto:snort-ml () faceit com] 
Sent: Wednesday, October 01, 2003 1:14 PM
To: 'Michael Steele'
Subject: RE: [Snort-users] SnortSnarf in Windows

Well not yet, but I'll try and let you know the result.
In the meantime I have to deal with another issue: 
When I tried to copy the Snortsnarf's cgi folder, I found out there's no
"cgi" folder under Inetpub\wwwroot. I'm running W2K server/IIS5. There's a
"cgi-bin" under www on our NT boxes, but no "cgi" folder on any of the W2K
machines. Any ideas?

-----Original Message-----
From: Michael Steele [mailto:michaels () winsnort com] 
Sent: Wednesday, October 01, 2003 2:53 PM
To: 'snort-ml'
Subject: RE: [Snort-users] SnortSnarf in Windows


I'm not sure as it's been about a year since my last install. I'm thinking
that I ran the lockdown tool and there were options back in IIS to enable
server side includes, but maybe not. There is however a file located
somewhere on the 2003 install that you can edit to remove that restriction.

Have you tried the lockdown tool?

You can reverse the lockdown procedure.

Let me know what you find. 

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-ml [mailto:snort-ml () faceit com] 
Sent: Wednesday, October 01, 2003 10:30 AM
To: 'Michael Steele'
Subject: RE: [Snort-users] SnortSnarf in Windows

Ok in the document it is recommended to run IIS Lockdown, but this would
disable server side includes and scripts and install the URLscan filter.
Wouldn't these interfere with running Perl?


-----Original Message-----
From: Michael Steele [mailto:michaels () winsnort com] 
Sent: Saturday, September 27, 2003 4:58 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortSnarf in Windows


You can try:

http://www.winsnort.com

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of snort-ml
Sent: Friday, September 26, 2003 12:23 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] SnortSnarf in Windows

Does anyone know how to configure SnortSnarf in Windows?
I have a W2K server, with www & Perl installed. I have downloaded Snortsnarf
and ran the makefile.pl in Time-Modules directory. How do I configure
SnortSnarf to create html pages?




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




