Snort mailing list archives

Re: Win32 Snort w/ ACID on NT 4.0/IIS


From: "ed.davis" <ed.davis () divine com>
Date: Thu, 20 Dec 2001 10:32:32 -0500

back up


this needs to be fixed first
--
When I login to the machine I first get a Dr. Watson error saying "srvany
has caused an access violation (0xC0000005) at Address (0x77F64D8A)"


Now, srvany is a native component of the OS, and if that doesn't
run, you need to fix that as well as other system problems. The error
indicates something very bad is happening, and if srvany can't run,
you can be sure there are other system processes that cannot be relied
upon.

A snort sensor is a very heavy-duty set of processes that
eat normal resources, and you MUST have a perfect, clean,
no-conflict system to run it on if you want to have no problems
with it.

Otherwise, you could get nagging issues constantly. Find the cause
and fix the Dr. Watson first and foremost. You should never get a
Dr. Watson error on anything, ever. Even a poorly configured snort
will not Dr. Watson on you; the errors on poorly configured snort boxes
are snort errors, never system errors. Dr. Watson is a system error.
Can't build a strong fort on a cheap foundation, you dig?

----- Original Message -----
From: "Thatcher Rea" <T_Rea () BARTWEST COM>
To: <snort-users () lists sourceforge net>
Sent: Thursday, December 20, 2001 10:05 AM
Subject: [Snort-users] Win32 Snort w/ ACID on NT 4.0/IIS


I've been using the Snort Documentation from Silicon Defense for
installing Snort 1.8.2 on NT Server 4.0. Here's the URL:
http://www.silicondefense.com/techsupport/winsnortacid_1.8.2.htm . I have
everything configured, and am ready to start viewing the alerts in my
browser with ACID. I am running NT Server 4.0 SP6a with IIS/NT Option
Pack. I have also used the Net HotFix Checker to verify that I am patched
to the max.

Here's my problem:
When I login to the machine I first get a Dr. Watson error saying "srvany
has caused an access violation (0xC0000005) at Address (0x77F64D8A)"

And then, when I open my browser and type the path
<http://localhost/acid/index.html> to view ACID I am redirected to
<http://localhost/acid/adic_main.php> (which I'm assuming is normal). I
then get a CGI error saying that "The specified CGI application misbehaved
by not returning a complete set of HTTP headers. The headers it did return
are: abnormal program termination".

The only point of contention in the documentation that I can find would be
the "Installing PHPLot" section of the paper, where the instructions are
given as: "Uncompress PHPLot into the 'C:\snort' folder". Does PHPLot get
its own folder (i.e. C:\snort\phplot), or do the contents need to be
copied directly to C:\Snort? I would assume the former, but am not certain.

If anyone is using Win32 Snort on NT 4.0 I would appreciate any feedback
you might be able to give me on this.


=====================
Thatcher Rea
IS Division - Topeka
Bartlett and West Engineers
t_rea () bartwest com
=====================


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

