Snort mailing list archives

RE: Starting out: Question


From: "Madziarczyk, Jonathan" <than () cityofevanston org>
Date: Thu, 29 Nov 2001 14:05:17 -0600

The GUIs (like acid, snortsnarf and the like) are typically used for sorting
the data that Snort picks up and wants to alert you on.  They're just flashy
front ends for the most part (no spam please, guys) ;-)

In the Win32 port of Snort, the documentation sets you up so that Snort is an
NT/2000 service (accessible from NT in Control Panel/Services, from 2000 in
Administrative Tools/Services).  If you read the documentation I noted
previously you will see a walkthrough of running Snort from a command line
(DOS prompt).  This is essentially what the starting and stopping of the
service in NT/2000 does (this is also where that registry key gets used to
add variables to this process).

The registry key is an actual NT/2000 registry key and can be accessed by
running Regedit or regedt32 from Start/Run.  (Note:  Messing with the
registry improperly can make your system unusable or other bad stuff like
that). (HKLM is HKeyLocalMachine)

Take some time to RTM and it will start to make sense what's going on in the
back end.

Peace,
JonM

--"To err is human, to blame it on someone else shows serious management
potential."


-----Original Message-----
From: Brian Ertel [mailto:bsertel () amherst edu] 
Sent: Thursday, November 29, 2001 1:45 PM
To: 'Madziarczyk, Jonathan'
Subject: RE: [Snort-users] Starting out: Question

Thank you Jon, 

Do you use the IDS GUI?  Is that where I should be looking
to launch this from, or am I totally in the wrong place?  I
do not know where to locate the registry key...

----------------------------------
Brian Ertel
Systems & Networking
Amherst College
Voice: 413-542-8320
Fax:    413-542-2626
bsertel () amherst edu
----------------------------------


-----Original Message-----
From: Madziarczyk, Jonathan [mailto:than () cityofevanston org]
Sent: Thursday, November 29, 2001 2:29 PM
To: Snort (E-mail)
Subject: RE: [Snort-users] Starting out: Question


Brian,

I assume you've read the links here:
http://www.snort.org/documentation.html#win32
and already have Snort installed.  Mr. Roesch has some great documentation
on the process for installing onto the Win32 platform.


If you're asking what I think you are, you're trying to find out where to
enter specific command line parameters for running Snort.  If you followed
the install above you should have a registry key similar to below:
HKLM\SYSTEM\CurrentControlSet\Services\Snort\Parameters\"AppParameters"
The "AppParameters" key is where I enter my command line parameters and it
works for me.

For what parameters you want or need, the standard Snort documentation
should be sufficient.

Happy Snorting!

JonM


-----Original Message-----
From: Brian Ertel [mailto:bsertel () amherst edu] 
Sent: Thursday, November 29, 2001 12:44 PM
To: Snort (E-mail)
Subject: [Snort-users] Starting out: Question

Hello,

I am bringing up Snort on a W2k Prof. box.   Neither the FAQ nor the doc.
specifies exactly how to begin, where commands are
entered and such.  I am open to RTFM if you can tell me where
to get these specific instructions.

Regards,


----------------------------------
Brian Ertel
Systems & Networking
Amherst College
Voice: 413-542-8320
Fax:    413-542-2626
bsertel () amherst edu
----------------------------------


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
