Snort mailing list archives
RE: Win32 Snort w/ ACID on NT 4.0/IIS
From: John Rodley <john.rodley () inc-networks com>
Date: Thu, 20 Dec 2001 10:47:10 -0500
I can't speak to this exact issue, but one thing in this report piqued my interest - SRVANY. Srvany is an MS resource kit app which allows you to run as an NT service apps which are not designed to be run as an NT service. I have had very mixed results with apps that install themselves as services via srvany. John Rodley
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Thatcher Rea Sent: Thursday, December 20, 2001 10:05 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Win32 Snort w/ ACID on NT 4.0/IIS I've been using the Snort Documentation from Silicon Defense for installing Snort 1.8.2 on NT Server 4.0 Here's the URL -http://www.silicondefense.com/techsupport/winsnortacid_1.8.2. htm . I have everything configured, and am ready to start viewing the alerts in my browser with ACID. I am running NT Server 4.0 SP6a with IIS/NT Option Pack. I have also used the Net HotFix Checker to verify that I am patched to the max. Here's my problem: When I login to the machine I first get a Dr. Watson error saying "srvany has caused an access violation (0xC0000005) at Address (0x77F64D8A)" And then, when I open my browser and type the path <http://localhost/acid/index.html> to view ACID I am redirected to <http://localhost/acid/adic_main.php> (which I'm assuming is normal). I then get a CGI error saying that "The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: abnormal program termination". The only point of contention in the documentation that I can find would be the "Installing PHPLot" section of the paper, where the instructions are given as: "Uncompress PHPLot into the 'C:\snort' folder". Does PHPLot get its own folder (ie C:\snort\phplot ) , or do the contents need to be copied directly to C:\Snort ? I would assume the former, but am not certain. If anyone is using Win32 Snort on NT 4.0 I would appreciate any feedback you might be able to give me on this. ===================== Thatcher Rea IS Division - Topeka Bartlett and West Engineers t_rea () bartwest com ===================== _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Win32 Snort w/ ACID on NT 4.0/IIS Thatcher Rea (Dec 20)
- Re: Win32 Snort w/ ACID on NT 4.0/IIS ed.davis (Dec 20)
- <Possible follow-ups>
- RE: Win32 Snort w/ ACID on NT 4.0/IIS John Rodley (Dec 20)