Snort mailing list archives
RE: RE: Installing SNORT 1.8.3 on win2k server
From: "Michael Steele" <michaels () silicondefense com>
Date: Tue, 12 Mar 2002 10:50:28 -0800
Dragos, I apologize if this is not a Sourcefire associated installer. I was under the impression that it was, because of the path "Sourcefire" when it's installed. This is very confusing. I believe the Sourcefire name is protected and not just anyone is authorized to use it, without permission of whomever the name belongs. My mistake and I do sincerely apologize. However, now that I know you are the person responsible for authoring this piece of software, I now have someone to point users to for support for this particular program. I will send them your way if I get stumped on an installation issue. I have received a lot of emails concerning this particular piece of software and it has had this one particular problem from it's inception to the Snort community, among others. In this case, which is not at all uncommon for this installer, Y P Chien had a specific problem with WinPcap and the version he referred to was "2.3 beta". It's always my first inclination to revert back to a release version of a particular program if it's a beta they are running, and then start trouble shooting. Usually, if they have used an installer type of program, I instruct them to completely remove the installation and do a manual install. Which in my opinion is far superior, and they get a first had look and the experience of actually installing an IDS, along with a lot of documentation for running Snort on Windows. I apologize to Y P Chien for not offering this path. I do know there are a few people that really need an installer type of program and that's why we here at Silicon Defense, also have one available on our website. Here at Silicon Defense (not "silidef" as you pointed out in your response) we have spent many many hours putting Snort support together for the Windows community. All the way from documenting installations for step by step procedures, to making sure we have the latest compiled CVS versions of snort available to download from our website, and in 5 flavors, for Windows. This, in all reality, is a one stop shop for the Windows user to get everything they will need to get a functional IDS up and running. This has been at a cost that has been absorbed by us (Silicon Defense) for the Snort community. Sincerely, - Mike Commercial Snort Support <<->> 1.866.41.SNORT Silicon Defense -- <www.silicondefense.com> Home of the new SENTRUS Snort sensor! Michael Steele - Snort Support Technician -----Original Message----- From: Dragos Ruiu [mailto:dr () kyx net] Sent: Monday, March 11, 2002 12:54 PM To: Michael Steele Cc: ypchien () ssi com; snort-users () lists sourceforge net Subject: Re: [Snort-users] RE: Installing SNORT 1.8.3 on win2k server This advice from Michael is incorrect. The latest version of pcap is superior in stability to the old one. Sorry to dissapoint Michael and the guys at silidef, but this does not look like a problem with the installer. You are seeing this error message because of some of the settings in IDScenter. When I built the combined Win32 installer that is distributed on snort.org, I tried to compensate for new users by preloading some registry keys with common default values and settings for IDScenter so it might have a hope of working out of the box without configuration. This falls short in some areas (like if you have your Program Files directory on a drive other C: for instance) and you may have to fiddle with the IDScenter settings to make it work for your particular setup (which you would have had to do anyway if you had installed the components yourself separately). I am trying to further improve some of these settings on the next release of the Win32 installer which will be out released after some more testing. Though I cannot ascertain exactly what settings are incorrect from your error message, I would suspect you might want to look at what you might have your interface setting at under the IDScenter general setup screen. Send me some e-mail directly and I can try to help you work through this issue. Another option you might want to try is debugging your setup using the command line version of snort. Send me some more information about your ssetup and results and let's see what we can figure out about your problem. cheers, --dr On Mon, 11 Mar 2002 18:56:00 -0800 "Michael Steele" <michaels () silicondefense com> wrote:
YP, This is an installation from Sourcefire. You might want to contact
Marty
and find out why? I would be more then happy to help you if you were using the installation documentation written by me located on our website as I have never installed the Sourcefire installation. It's usually a problem with WinPcap. You might try going back one version (2.2 Non Beta). - Mike Commercial Snort Support <<->> 1.866.41.SNORT Silicon Defense -- <www.silicondefense.com> Home of the new SENTRUS Snort sensor! Michael Steele - Snort Support Technician -----Original Message----- From: Y P Chien [mailto:ypchien () ssi com] Sent: Monday, March 11, 2002 4:30 PM To: michaels () silicondefense com Subject: Installing SNORT 1.8.3 on win2k server Dear Sir: I saw your email address and post replies on Snort discussion forum. It seems that I have the similar problems that most users have with installing Snort on Win2K system. I am trying to install Snort on a Win2K server with SP2. I am using WinPcap 2.3 beta. I am getting the following errors: Initializing Network Interface \ ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program Files\Sourcefire\Snort -A full -h any Fatal Error, Quitting.. Please help. YP
-- --dr pgpkey: http://dragos.com/dr-dursec.asc CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Installing SNORT 1.8.3 on win2k server Michael Steele (Mar 11)
- Re: RE: Installing SNORT 1.8.3 on win2k server Erek Adams (Mar 11)
- Re: RE: Installing SNORT 1.8.3 on win2k server Dragos Ruiu (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server Martin Roesch (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server Dragos Ruiu (Mar 12)
- RE: RE: Installing SNORT 1.8.3 on win2k server Michael Steele (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server Martin Roesch (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server John Sage (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server Stuart Staniford (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server Andrew R. Baker (Mar 13)
- Re: RE: Installing SNORT 1.8.3 on win2k server Martin Roesch (Mar 13)
- RE: RE: Installing SNORT 1.8.3 on win2k server Ofir Arkin (Mar 13)
- List Usage Mike Poor (Mar 13)
- RE: RE: Installing SNORT 1.8.3 on win2k server Michael Steele (Mar 12)
- Re: RE: Installing SNORT 1.8.3 on win2k server Erek Adams (Mar 11)
- Re: RE: Installing SNORT 1.8.3 on win2k server Dragos Ruiu (Mar 12)
- <Possible follow-ups>
- RE: RE: Installing SNORT 1.8.3 on win2k server C . Prickaerts (Mar 11)
- Re: RE: Installing SNORT 1.8.3 on win2k server John Sage (Mar 12)