Snort mailing list archives
RE: SnortSnarf in Windows
From: snort-ml <snort-ml () faceit com>
Date: Fri, 3 Oct 2003 12:04:47 -0400
Yes I realized after my last post why: I had it configured to log to Event Viewer instead. But I still get the same error: "SnortFileInput: input file d:\inetpub\wwwroot\log\alert.ids does not exist; skipping it". Do I need to copy the one in snort\log to wwwroot\log? -----Original Message----- From: Michael Steele [mailto:michaels () winsnort com] Sent: Thursday, October 02, 2003 4:35 PM To: 'snort-ml' Subject: RE: [Snort-users] SnortSnarf in Windows Is Snort running? do you have an 'output database log ...' in your snort.conf? Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of snort-ml Sent: Thursday, October 02, 2003 10:48 AM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] SnortSnarf in Windows Well I used to have alert.ids in snort\log folder, but not anymore. What could've happened? -----Original Message----- From: snort-ml [mailto:snort-ml () faceit com] Sent: Thursday, October 02, 2003 10:50 AM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] SnortSnarf in Windows Yes but it was under "Installing and configuring ActivePerl" which I had skipped because I had already installed ActivePerl. Ok I got everything working ok, but when I got to "Starting the IDS SnortSnarf alert console" and ran the command from the command prompt, it gave me the following error: "SnortFileInput: input file d:\inetpub\wwwroot\log\alert.ids does not exist; skipping it" Do I need to copy the alert.ids to this folder? -----Original Message----- From: Michael Steele [mailto:michaels () winsnort com] Sent: Wednesday, October 01, 2003 5:00 PM To: 'snort-ml' Subject: RE: [Snort-users] SnortSnarf in Windows You need to create the folder. Does the guide tell you too? Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-ml [mailto:snort-ml () faceit com] Sent: Wednesday, October 01, 2003 1:14 PM To: 'Michael Steele' Subject: RE: [Snort-users] SnortSnarf in Windows Well not yet, but I'll try and let you know the result. In the meantime I have to deal with another issue: When I tried to copy the Snortsnarf's cgi folder, I found out there's no "cgi" folder under Inetpub\wwwroot. I'm running W2K server/IIS5. There's a "cgi-bin" under www on our NT boxes, but no "cgi" folder on any of the W2K machines. Any ideas? -----Original Message----- From: Michael Steele [mailto:michaels () winsnort com] Sent: Wednesday, October 01, 2003 2:53 PM To: 'snort-ml' Subject: RE: [Snort-users] SnortSnarf in Windows I'm not sure as it's been about a year since my last install. I'm thinking that I ran the lockdown tool and there were options back in IIS to enable server side includes, but maybe not. There is however a file located somewhere on the 2003 install that you can edit to remove that restriction. Have you tried the lockdown tool? You can reverse the lockdown procedure. Let me know what you find. Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-ml [mailto:snort-ml () faceit com] Sent: Wednesday, October 01, 2003 10:30 AM To: 'Michael Steele' Subject: RE: [Snort-users] SnortSnarf in Windows Ok in the document it is recommended to run IIS Lockdown, but this would disable server side includes and scripts and installs the URLscan filter. Wouldn't these interfere with running Perl? -----Original Message----- From: Michael Steele [mailto:michaels () winsnort com] Sent: Saturday, September 27, 2003 4:58 AM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] SnortSnarf in Windows You can try: http://www.winsnort.com Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of snort-ml Sent: Friday, September 26, 2003 12:23 PM To: snort-users () lists sourceforge net Subject: [Snort-users] SnortSnarf in Windows Does anyone know how to configure SnortSnarf in Windows? I have a W2K server, with www & Perl installed. I have downloaded Snortsnarf and ran the makefile.pl in Time-Modules directory. How do I configure SnortSnarf to create html pages? ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SnortSnarf in Windows snort-ml (Oct 01)
- <Possible follow-ups>
- RE: SnortSnarf in Windows snort-ml (Oct 02)
- RE: SnortSnarf in Windows snort-ml (Oct 02)
- RE: SnortSnarf in Windows snort-ml (Oct 03)
- RE: SnortSnarf in Windows Michael Steele (Oct 03)
- RE: SnortSnarf in Windows snort-ml (Oct 05)
- RE: SnortSnarf in Windows Michael Steele (Oct 05)
- RE: SnortSnarf in Windows snort-ml (Oct 07)
- RE: SnortSnarf in Windows Michael Steele (Oct 07)
- RE: SnortSnarf in Windows Everist, Benjamin S. (NASWI) (Oct 07)
- RE: SnortSnarf in Windows Michael Steele (Oct 07)
- RE: SnortSnarf in Windows Michael Steele (Oct 07)
- RE: SnortSnarf in Windows Michael Steele (Oct 07)
- RE: SnortSnarf in Windows snort-ml (Oct 10)