Snort mailing list archives
Re: RE: HELP!!! HELP!!! HELP!!!
From: jrhendri () maine rr com
Date: Fri, 12 Nov 2004 09:01:47 -0500
Actually I was suggesting he switch to decaf :-)

----- Original Message -----
From: Michael Steele <michaels () winsnort com>
Date: Friday, November 12, 2004 8:00 am
Subject: RE: [Snort-users] HELP!!! HELP!!! HELP!!!

Come on, he's having problems enough, and you are suggesting that he switch to LINUX.... Read my tag line...

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [snort-users-admin () lists sourceforge net] On Behalf Of Jim Hendrick
Sent: Friday, November 12, 2004 4:52 AM
To: 'Jeremiah J Batac'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] HELP!!! HELP!!! HELP!!!

Slow down man... While I'm sure there are folks on the list who can help with what you (seem to be) trying to do, I'd recommend that you start a bit more modestly.

That is, *just* run snort on XP logging to files without trying to include acid, mysql, etc. etc. This is pretty straightforward and will at least give you the chance to familiarize yourself with the config file, rules, etc. all while starting to at least see what your network traffic is like.

THEN you should try adding logging to another format like mysql and presenting a web server.

Now if you just can't wait, (unless someone offers a better suggestion) I would simply go to a linux based IDS (there are very explicit step-by-step guides to do this). You can take an older machine (or dual-boot your workstation with redhat (for example) and follow the step-by-step guides. You will be snorting and logging and viewing with acid on apache in no-time.

Best of luck,
Jim

-----Original Message-----
From: snort-users-admin () lists sourceforge net [snort-users-admin () lists sourceforge net] On Behalf Of Jeremiah J Batac
Sent: Friday, November 12, 2004 7:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] HELP!!! HELP!!! HELP!!!

hello snort users,,,

I'm a newbie in the IDS field. I'm trying my best to make this snort thing work in Windows XP.
I'm so frustrated because after downloading tons of documents to help me set it up, I tried all their steps and guess what, it's only partially working... Can somebody be kind enough to walk me through making it work?

The current software I have right now to install snort is the following:

acid
adodb
dbtools
libnet-1.0.2f
packetbuild-1.4
php-4.3.9-win32
phplot-4.4.6
application_service
mysqlsetup
snort-2_1_0
winpcap_3_0

I already tried to install and follow the steps 5 times and unfortunately I only get to this point:

C:\Snort>snort
Running in IDS mode with inferred config file: ./snort.conf
Log directory = log

Initializing Network Interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR: ./snort.conf(287) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..

C:\Snort>

hope this will help. Like you, I would like to be a pioneer on this OpenSource IDS. Help is much appreciated.

Thank you very much.

__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com

-------------------------------------------------------
This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
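The fatal error in the quoted Snort output is raised by the http_inspect preprocessor when the file named by its iis_unicode_map directive cannot be opened. Snort was started from C:\Snort with the config inferred as ./snort.conf, so a bare file name or relative path inside snort.conf is looked up in that working directory, not next to the config file. The pre-flight checker below is an added example, not code from this thread or from the Snort project. It assumes that Snort 2.x resolves relative paths in include lines and in the iis_unicode_map argument against the directory it is started from, and that var NAME value lines define $NAME and ${NAME} substitutions used by later paths. The layout built in demo() is constructed to mirror the reported setup: the map file sits in an etc subdirectory while Snort runs from the parent, and the corrected config uses absolute paths.

```python
"""Pre-flight check for a Snort 2.x snort.conf.

Added example (not code from the thread or from the Snort project). It lists
file references that will not resolve from the directory Snort is started in,
which is the condition behind "Invalid file name for IIS Unicode Map file".

Assumptions (stated in the lead-in as well): Snort resolves relative paths in
`include` lines and in http_inspect's `iis_unicode_map <file> <codepage>`
argument against its current working directory, and `var NAME value` lines
define `$NAME` / `${NAME}` substitutions used by later paths.
"""
import os
import re
import sys
import tempfile

VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
UNICODE_MAP_RE = re.compile(
    r"^\s*preprocessor\s+http_inspect:\s*global\b.*?\biis_unicode_map\s+(\S+)\s+\d+"
)


def expand_vars(value, variables):
    """Substitute $NAME and ${NAME} with values from earlier `var` lines.
    Unknown names are left as written so the unresolved path gets reported."""
    def sub(match):
        name = match.group(1) or match.group(2)
        return variables.get(name, match.group(0))
    return re.sub(r"\$\{(\w+)\}|\$(\w+)", sub, value)


def check_conf(conf_path, cwd):
    """Return [(line_no, directive, path_as_written)] for every include or
    iis_unicode_map file that does not exist when resolved against `cwd`."""
    variables = {}
    problems = []
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
            if not line.strip():
                continue
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = expand_vars(m.group(2), variables)
                continue
            for directive, regex in (("include", INCLUDE_RE),
                                     ("iis_unicode_map", UNICODE_MAP_RE)):
                m = regex.match(line)
                if not m:
                    continue
                path = expand_vars(m.group(1), variables)
                resolved = path if os.path.isabs(path) else os.path.join(cwd, path)
                if not os.path.isfile(resolved):
                    problems.append((line_no, directive, path))
    return problems


def demo():
    """Constructed layout mirroring the thread: the map file lives in an etc
    subdirectory, Snort is started from the parent directory, and the config
    names the map by bare file name. Returns (broken_report, fixed_report)."""
    root = tempfile.mkdtemp()
    etc = os.path.join(root, "etc")
    rules = os.path.join(root, "rules")
    os.makedirs(etc)
    os.makedirs(rules)
    unicode_map = os.path.join(etc, "unicode.map")
    for path in (unicode_map, os.path.join(rules, "local.rules")):
        with open(path, "w"):
            pass

    # Same shape as the directive in a stock Windows snort.conf: bare file name.
    broken = os.path.join(etc, "snort.conf")
    with open(broken, "w") as fh:
        fh.write("var RULE_PATH rules\n"
                 "preprocessor http_inspect: global iis_unicode_map unicode.map 1252\n"
                 "include $RULE_PATH/local.rules\n")

    # Corrected config: absolute paths work no matter where Snort is started.
    fixed = os.path.join(etc, "snort-fixed.conf")
    with open(fixed, "w") as fh:
        fh.write("var RULE_PATH %s\n" % rules
                 + "preprocessor http_inspect: global iis_unicode_map %s 1252\n" % unicode_map
                 + "include $RULE_PATH/local.rules\n")

    return check_conf(broken, root), check_conf(fixed, root)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        for line_no, directive, path in check_conf(sys.argv[1], sys.argv[2]):
            print("line %d: %s cannot open %r from %s"
                  % (line_no, directive, path, sys.argv[2]))
    else:
        print(demo())
```

Run it with the path to snort.conf and the directory you intend to start Snort from; every entry it prints is a file Snort will fail to open at startup, with the config line number to edit. On the layout above the report for the broken config is a single entry for the unicode.map line, and the fix is either an absolute path in that directive or starting Snort from the directory the relative paths assume, passing the config explicitly with -c.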
Current thread:
- HELP!!! HELP!!! HELP!!! Jeremiah J Batac (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Jim Hendrick (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Michael Steele (Nov 12)
- Re: HELP!!! HELP!!! HELP!!! Theodore Stout (Nov 12)
- <Possible follow-ups>
- Re: RE: HELP!!! HELP!!! HELP!!! jrhendri (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Matthew K. Lee (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Michael Steele (Nov 12)
- FW: HELP!!! HELP!!! HELP!!! Matthew K. Lee (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! SN ORT (Nov 12)
- Re: HELP!!! HELP!!! HELP!!! M. Shirk (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Harper, Patrick (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Jim Hendrick (Nov 12)