Snort mailing list archives

RE: PureSecure is crazy


From: "Robin Brown" <robin_brown () totalcomm com>
Date: Tue, 18 Jun 2002 08:58:00 -0400

I had the same issue with a new sensor being created every time I
restarted.  Try these links, the update worked for me:

http://www.demarc.com/downloads/other/

http://www.demarc.com/downloads/other/snort-db.txt


-Robin



Message: 10
From: François Jan <fjan () wanadoo fr>
To: snort-users () lists sourceforge net
Organization: 
Date: 17 Jun 2002 23:48:29 +0200
Subject: [Snort-users] PureSecure is crazy

Hi,

I tried to find the answer on this mailing-list but nobody seems to have
run into the same problem as me so I'm gonna explain it in hope somebody
has a solution.

I upgraded from demarc 1.05 to PureSecure 1.6 on a redhat 7.3.
I run snort on ppp0 on one server and the console on another computer.

When I first started, I noticed a sensor I didn't know of. I deleted it
through the console but it keeps coming back with increasing sensor id.
I looked into MySQL but couldn't understand where this sensor comes
from.

Since my psd.conf indicates sensorid = 1, I began to think about psd not
using psd.conf. Another point: if I change snort options in this same
file and I restart psd, it doesn't care about my options and uses the
"-o -N" default.

my psd.conf file is in the place it should be
(/usr/local/puresecure/sensor/conf) and I really don't have a clue where
to start from.

Thanks.


-- 
François Jan <fjan () wanadoo fr>



--__--__--

Message: 11
From: "Michael Steele" <michaels () silicondefense com>
To: <armfield () amnh org>
Cc: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Installing Snort on Win 2K
Date: Mon, 17 Jun 2002 17:43:26 -0700

Raoul,

Check this out! Should be everything you need to get it up and running.
Not sure why you are getting the errors, but we can sure troubleshoot
it if ya want.

http://www.silicondefense.com/techsupport/windows.htm

Michael Steele | System Engineer / System Administrator     
mailto:michaels () silicondefense com
http://www.silicondefense.com


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Raoul
Armfield
Sent: June 17, 2002 1:33 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Installing Snort on Win 2K

I realize this is a newbie question but I am trying to install Snort 
1.8.5 on a Win2K pro machine on my home network and am getting 
problems with finding certain files it looks for, i.e. Alert.ids. In 
addition, when I send it to alertmail.ids it seems happy (satisfied) 
with that, but when I test configuration I get an Error msg:

Error:  Openpcap device() open:
                error opening adapter
Fatal error quiting.

Any ideas what causes this and if there is somewhere where I can find 
documentation on installing snort on WIN2K? I seem to be able to find 
a plethora of info for flavors of unices.

        

-- 
Raoul Armfield
Support Specialist
IT-Callcenter
mailto:armfield () amnh org
Central Park West at 79th Street
New York, NY, 10024
212.313.7258


_______________________________________________________________

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





--__--__--

Message: 12
From: "Michael Steele" <michaels () silicondefense com>
To: "'Ronneil Camara'" <ronneilc () remingtonltd com>
Cc: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Problem emailing alerts from ACID
Date: Mon, 17 Jun 2002 17:45:12 -0700

Ronneil,

Are you really sure you have Sendmail installed?

Michael Steele | System Engineer / Support Technician     
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ronneil
Camara
Sent: June 17, 2002 2:37 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problem emailing alerts from ACID

-----Original Message-----
From: Bradley, Paul [mailto:paulb () cta com]
Sent: Monday, June 17, 2002 9:31 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Problem emailing alerts from ACID


Using SNORT 1.8.6 w/ ACID 0.9.6b21 running on RedHat 7.2.

Upon attempting to email summary of events from ACID, I get the following
error:

"EXPORT ERROR: Could not send exported alerts to 
'paulb () cta com'. Check the
mail configuration in PHP.

Successful EXPORT-summary - 5 alert(s)"


I have checked the /usr/local/lib/php.ini file and verified:

sendmail_path = '/usr/sbin/sendmail -t -i'

However, I still cannot email the events.  Any suggestions?

What about sending mail from within the console of your ids box using
mail command?
What o.s. are you running?

Neil







--__--__--



End of Snort-users Digest



