Snort mailing list archives

RE: Setting up Snort on Windows


From: "Michael Steele" <michaels () silicondefense com>
Date: Thu, 27 Jun 2002 09:07:41 -0700

Andrew,

Placing a hash mark to remove the line from the config is fine. It does
take some time for alerts to start to show up.

Here is a rule to place into your local.rules file. After you do that be
sure to remove the hash mark in Snort.conf for the include local.rules.
You can either replace the file with this or just paste the rule in.

After you have done that be sure to restart snort, to activate the new
rule. Then go to your browser and generate some traffic.

Let me know how that works.

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org



-----Original Message-----
From: Andrew Barnes-Webb [mailto:Andrew.Barnes-Webb () chjm com] 
Sent: Thursday, June 27, 2002 7:03 AM
To: michaels () silicondefense com
Subject: Setting up Snort on Windows

Hi Michael

I have been following your instructions on installing Snort (with
Apache, MySQL, ACID, etc.) on Windows and I seem to have hit a brick
wall. Unfortunately I am a relative novice at this sort of intricate
installation so trying to figure the problem out has been rather
frustrating for me.

My problem is that in the Apache httpd.conf file, we added the line
"AddModule mod_php4.c" but when I test the config, I get the error
message "Cannot add module via name 'mod_php4.c': not in list of loaded
modules". When I comment this line out, the config runs OK, but no data
is registered on the ACID stats pages. I'll attach a JPG of the error
message for good measure.

My PC config is as follows:
Compaq Deskpro
Pentium 2 (400)
Windows 98 SE <---- I hope this isn't an issue
64MB RAM

I would appreciate it if you could part with some of your superior
knowledge and shed some light on my problem.

Thanks for your help.
Andrew




Attachment: local.rules