Snort mailing list archives

Re: New install of Snort on Windows 2008


From: Joel Esler <jesler () sourcefire com>
Date: Wed, 6 Feb 2013 11:11:55 -0500

On Feb 6, 2013, at 10:32 AM, Erik D. Sciortino <ESciortino () ABIM ORG> wrote:

Hello All,
 
Snort newbie here. I recently installed Snort on a Windows 2008 R2 (x64) box with MySQL back-end and am using 
barnyard2 for log processing and parsing. When I run snort in packet sniffer mode (-v), I can see all the traffic 
coming through on the spanned switch port. However, when I switch snort into active mode with the -l switch, nothing 
gets written into the log file. I’ve reviewed the instructions I have for installing snort on a Windows box and 
appear to have followed all the steps correctly, the snort.conf, and have even run snort in test mode (-T) and 
nothing appears amiss.
 
Because I’m a newbie, I’m not sure where to go next and would appreciate any wisdom, advice, etc. that I could get to 
help resolve this issue….

It would help us the most if you were able to post your snort.conf and your command line for Snort to run.

I'd recommend using Snort not on a Windows box, but that's just my 0.02.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire