RE: RE: Installing SNORT 1.8.3 on win2k server

["Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>]

Or, you could just as easily put the Path in quotes... works fine for me on
our win2k machines.

-----Original Message-----
From: Y P Chien [mailto:ypchien () ssi com]
Sent: Monday, March 11, 2002 11:12 PM
To: Dragos Ruiu; Michael Steele
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] RE: Installing SNORT 1.8.3 on win2k server


Hi Gentlemen:

Thank you for the immediate attention I got.  This really surprises me
because I don't even get this kind of timely and detailed response from
some of the commercial product support!

Anyway, I sort of figure out by reading almost all the posted replies at
the Snort discussion forum.  This is what I found out:

1. Snort command just can't handle directory path with spaces.  E.g.
C:/Program File/Sourcefires/snort which is the default installation
path.
So you need to install Snort on directory path without spaces.  Then,
you need to manually change these settings in the IDEcenter.
2.  After changing the default installation path and all the
corresponding paths, I installed Snort on D:\Sourcefire.
I was able to run the test script fine except it complains at the end
that it has some problem with the rule sets.  Which is my next project
to find out what I need to do to make it perfect.  Looks like it is
working so far except with the rule sets.
3. By the way, I am very interested in the Snort appliance which
Silicondefense and Sorucefire are currently marketing.  However, I was
not able to get any response from Sourcefire.  I do have some clients
which I am doing some consulting in Asia whom are in need of such
device.  Please help.

I will come back to get more help once I start looking at configuring
the rule sets for my system.

Thanks for your help.

YP

-----Original Message-----
From: Dragos Ruiu [mailto:dr () kyx net] 
Sent: Monday, March 11, 2002 12:54 PM
To: Michael Steele
Cc: Y P Chien; snort-users () lists sourceforge net
Subject: Re: [Snort-users] RE: Installing SNORT 1.8.3 on win2k server


This advice from Michael is incorrect.

The latest version of pcap is superior in stability to the old one.

Sorry to dissapoint Michael and the guys at silidef, but this does not
look like a problem with the installer.

You are seeing this error message because of some of the settings in
IDScenter.  When I built the combined Win32 installer that is 
distributed on snort.org, I tried to compensate for new users by
preloading some registry keys with common default values and settings
for IDScenter so it might have a hope of working out of the box without
configuration.  This falls short in some areas (like if you have your
Program Files directory on a drive other C: for instance) and you may
have to fiddle with the IDScenter settings to make 
it work for your particular setup (which you would have had to do 
anyway if you had installed the components yourself separately). I am
trying to further improve some of these settings on the next 
release of the Win32 installer which will be out released after some
more testing.

Though I cannot ascertain exactly what settings are incorrect 
from your error message, I would suspect  you might want to look at what
you might have your interface setting at under the IDScenter general
setup screen.

Send me some e-mail directly and I can try to help you work through 
this issue.

Another option you might want to try is debugging your setup using the
command line version of snort. Send me some more information 
about your ssetup and results and let's see what we can figure out 
about your problem.

cheers,
--dr

On Mon, 11 Mar 2002 18:56:00 -0800
"Michael Steele" <michaels () silicondefense com> wrote:

> YP,
>
>  
>
> This is an installation from Sourcefire. You might want to contact 
> Marty and find out why?  I would be more then happy to help you if you

> were using the installation documentation written by me located on our

> website as I have never installed the Sourcefire installation. It's 
> usually a problem with WinPcap. You might try going back one version 
> (2.2 Non Beta).
>
> - Mike
>
> Commercial Snort Support <<->> 1.866.41.SNORT
> Silicon Defense -- <www.silicondefense.com>
> Home of the new SENTRUS Snort sensor!
> Michael Steele - Snort Support Technician
>
> -----Original Message-----
> From: Y P Chien [mailto:ypchien () ssi com]
> Sent: Monday, March 11, 2002 4:30 PM
> To: michaels () silicondefense com
> Subject: Installing SNORT 1.8.3 on win2k server
>
>  
>
> Dear Sir:
>
> I saw your email address and post replies on Snort discussion forum.
>
> It seems that I have the similar problems that most users have with 
> installing Snort on Win2K system.
>
> I am trying to install Snort on a Win2K server with SP2.  I am using 
> WinPcap 2.3 beta.  I am getting the following errors:
>
> Initializing Network Interface \
> ERROR: OpenPcap() FSM compilation failed: 
>         syntax error 
> PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program
> Files\Sourcefire\Snort -A full -h any 
> Fatal Error, Quitting.. 
>
> Please help.
>
> YP


-- 
--dr                  pgpkey: http://dragos.com/dr-dursec.asc
      CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. -
http://cansecwest.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users