Snort mailing list archives

RE: Win32 Snort w/ ACID on NT 4.0/IIS

From: John Rodley <john.rodley () inc-networks com>
Date: Thu, 20 Dec 2001 10:47:10 -0500

I can't speak to this exact issue, but one thing in this report piqued my
interest - SRVANY.  Srvany is an MS resource kit app which allows you to run
as an NT service apps which are not designed to be run as an NT service.  I
have had very mixed results with apps that install themselves as services
via srvany.

John Rodley

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Thatcher
Rea
Sent: Thursday, December 20, 2001 10:05 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Win32 Snort w/ ACID on NT 4.0/IIS


I've been using the Snort Documentation from Silicon Defense 
for installing
Snort 1.8.2 on NT Server 4.0 Here's the URL
-http://www.silicondefense.com/techsupport/winsnortacid_1.8.2.
htm . I have
everything configured, and am ready to start viewing the alerts in my
browser with ACID. I am running NT Server 4.0 SP6a with 
IIS/NT Option Pack.
I have also used the Net HotFix Checker to verify that I am 
patched to the
max. 
Here's my problem: 
When I login to the machine I first get a Dr. Watson error 
saying "srvany
has caused an access violation (0xC0000005) at Address (0x77F64D8A)" 
And then, when I open my browser and type the path
<http://localhost/acid/index.html> to view ACID I am redirected to
<http://localhost/acid/adic_main.php> (which I'm assuming is 
normal). I then
get a CGI error saying that "The specified CGI application 
misbehaved by not
returning a complete set of HTTP headers. The headers it did 
return are:
abnormal program termination". 
The only point of contention in the documentation that I can 
find would be
the "Installing PHPLot" section of the paper, where the 
instructions are
given as: "Uncompress PHPLot into the 'C:\snort' folder". 
Does PHPLot get
its own folder (ie C:\snort\phplot ) , or do the contents 
need to be copied
directly to C:\Snort ?  I would assume the former, but am not 
certain. 
If anyone is using Win32 Snort on NT 4.0 I would appreciate 
any feedback you
might be able to give me on this. 


=====================
Thatcher Rea
IS Division - Topeka
Bartlett and West Engineers
t_rea () bartwest com
=====================


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Win32 Snort w/ ACID on NT 4.0/IIS Thatcher Rea (Dec 20)
- Re: Win32 Snort w/ ACID on NT 4.0/IIS ed.davis (Dec 20)
- <Possible follow-ups>
- RE: Win32 Snort w/ ACID on NT 4.0/IIS John Rodley (Dec 20)