Snort mailing list archives
Re: Win32 Snort w/ ACID on NT 4.0/IIS
From: "ed.davis" <ed.davis () divine com>
Date: Thu, 20 Dec 2001 10:32:32 -0500
back up this needs to be fixed first -- When I login to the machine I first get a Dr. Watson error saying "srvany has caused an access violation (0xC0000005) at Address (0x77F64D8A)" Now, srvany is a native component of the OS, and if that doesn't run, you need to fix that as well as other system problems. the error indicates something very bad is happening and if srvany can't run, you can be sure there are other system processes that can not be relied upon a snort sensor is a very heavy duty set of processes that eat normal resources and you MUST have a perfect, clean, no conflict system to run it on, if you want to have no problems with it. otherwise, you could get nagging issues constantly. find the cause and fix the dr watson first and foremost. you should never get a dr watson error on anything ever. even a poorly configured snort will not dr watson on you, the errors on poor configured snort boxes are snort errors, never system errors. dr watson is a system error. can't build a strong fort on a cheap foundation, you dig ? ----- Original Message ----- From: "Thatcher Rea" <T_Rea () BARTWEST COM> To: <snort-users () lists sourceforge net> Sent: Thursday, December 20, 2001 10:05 AM Subject: [Snort-users] Win32 Snort w/ ACID on NT 4.0/IIS
I've been using the Snort Documentation from Silicon Defense for
installing
Snort 1.8.2 on NT Server 4.0 Here's the URL -http://www.silicondefense.com/techsupport/winsnortacid_1.8.2.htm . I have everything configured, and am ready to start viewing the alerts in my browser with ACID. I am running NT Server 4.0 SP6a with IIS/NT Option
Pack.
I have also used the Net HotFix Checker to verify that I am patched to the max. Here's my problem: When I login to the machine I first get a Dr. Watson error saying "srvany has caused an access violation (0xC0000005) at Address (0x77F64D8A)" And then, when I open my browser and type the path <http://localhost/acid/index.html> to view ACID I am redirected to <http://localhost/acid/adic_main.php> (which I'm assuming is normal). I
then
get a CGI error saying that "The specified CGI application misbehaved by
not
returning a complete set of HTTP headers. The headers it did return are: abnormal program termination". The only point of contention in the documentation that I can find would be the "Installing PHPLot" section of the paper, where the instructions are given as: "Uncompress PHPLot into the 'C:\snort' folder". Does PHPLot get its own folder (ie C:\snort\phplot ) , or do the contents need to be
copied
directly to C:\Snort ? I would assume the former, but am not certain. If anyone is using Win32 Snort on NT 4.0 I would appreciate any feedback
you
might be able to give me on this. ===================== Thatcher Rea IS Division - Topeka Bartlett and West Engineers t_rea () bartwest com ===================== _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Win32 Snort w/ ACID on NT 4.0/IIS Thatcher Rea (Dec 20)
- Re: Win32 Snort w/ ACID on NT 4.0/IIS ed.davis (Dec 20)
- <Possible follow-ups>
- RE: Win32 Snort w/ ACID on NT 4.0/IIS John Rodley (Dec 20)