Snort mailing list archives

RE: newbie snort user on windows xp needs help please


From: Scott Weeks <surfer () mauislanwanman com>
Date: Thu, 27 Jun 2002 08:28:35 -1000 (HST)




Hello everyone,

Hopefully useful info for the other newbie users of IDS and Snort...  I
had downloaded the program from snort.org, but the documentation I was
looking for is located at www.packx.net.  It explains a lot of the
questions that I was having.  Thanks to Michael for his help and to the
list members for your time and mailbox space...  :-)

scott



On Wed, 26 Jun 2002, Michael Steele wrote:

: Scott,
:
: The way you are running Snort will not allow Snort to generate alerts to
: the screen.
:
: The rules are correct and you should be generating an enormous amount of
: traffic. Use your browser to generate the traffic. Make sure you have
: activated your custom rules in your Snort.conf. Also, when you add
: rules, be sure to restart snort.
:
: After you run snort and generate some traffic, stop snort and use a text
: editor to check your alert.ids file and see if there are alerts being
: entered. They will be time stamped.
:
: If you really want to get the feel of Snort and have a better
: understanding of how things work, you might want to do a manual install.
: All the programs you are using are available outside of the installer.
:
: There is a LOT of documentation out there for Snort and Windows, but not
: nearly as much as there are for *nix. Try doing a search on google for
: some key words or phrases.
:
: Also, I have never used that installer so some of the above may not
: apply.
:
: -Michael
:
:  Michael Steele | System Engineer / Support Technician
:  mailto:michaels () silicondefense com
:  Silicon Defense: IDS solutions - http://www.silicondefense.com
:  Snort: Open Source Network IDS - http://www.snort.org
:
:
: -----Original Message-----
: From: Scott Weeks [mailto:surfer () mauislanwanman com]
: Sent: June 26, 2002 8:22 PM
: To: Michael Steele
: Cc: snort-users () lists sourceforge net
: Subject: RE: [Snort-users] newbie snort user on windows xp needs help
: please
:
:
:
: On Wed, 26 Jun 2002, Michael Steele wrote:
:
: : Scott,
: :
: : There are a multitude of new people visiting this list every day, or I
: : would hope. The information, no matter how trivial, will help someone.
: : It will also help people to better understand Snort and what works and
: : what doesn't work, and hopefully that knowledge will better the Snort
: : community.
: :
: : How I usually, and I'm sure most of the techs that monitor this list,
: : deal with posting is not only to reply back to the list but to CC the
: : poster so he or she can get the required information the quickest
: : possible way.
:
:
:
: Hello list members,
:
: Here's the gist of my problem...
:
: I am finding documentation for Windows lacking.  I'm using XP Home
: Edition (unfortunately) and IDScenter 1.09 Beta 1.3.  (Beta.  Maybe
: that's my problem?) on my home computer, so I can get used to using
: Snort in preparation for an interview I have coming up.  Just to get
: some traffic generated I put in the following rules:
:
:    log tcp any any <> any any (msg: "test";)
:    alert tcp any any <> any any (msg: "test";)
:
: These are in the "IDS rules" part of the GUI interface.  In the
: "Logs/Alerts" section I left the path unchanged:
:
:    C:\Program Files\IDS_systems\Sourcefire\log\alert.ids
:
: In the "General Setup" window I click on "Create Script" and
: everything's OK.  For the IP I use the "Select" button and check with
: the "Command Prompt" (DOS screen) using the ipconfig command, so I know
: it's the correct one.  (My ISP uses DHCP.)  I also used the "Test
: Configuration" button for sanity's sake.  All is good.
:
: When I click "Start Snort" a DOS window opens up and remains open.  I'm
: assuming that the "alert" rule should cause things to show up in that
: window and the "log" rule should cause the same entries to show up in
: the "alert.ids" file, and those should be able to be seen when clicking
: on the "View Alerts" button.  However nothing shows up on the DOS screen
: nor does anything show up in the "View Alerts" window when I put the
: path to the file "C:\Program Files\IDS_systems\Sourcefire\log\alert.ids"
: in the "Search alert log" box.
:
: Thanks,
: scott
:
:
:
:
:



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
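An added example, not part of the thread and not IDScenter or Snort code: a small Python script that parses the two rules Scott posted and a "full"-format alert.ids file, so the check Michael suggests (stop Snort, look for time-stamped entries in alert.ids) can be done from a script and compared against the rules that should have fired. The alert.ids content below is constructed to match Snort's full alert layout, not captured from a real host; the regexes assume that layout (an optional [gid:sid:rev] bracket on the first line, timestamp and src -> dst on the second). Two Snort facts the script relies on: only `alert` rules write to the alert file, while `log` rules write packets to the log directory, so a rule set with only `log` rules leaves alert.ids empty; and `-A console` is the command-line switch that sends alerts to the screen, which a GUI-generated script may not pass.

```python
import re
from collections import Counter

# Snort 1.x rule header: action proto src sport dir dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# First line of a 'full'-format alert record; the [gid:sid:rev] bracket is optional
ALERT_HDR_RE = re.compile(r"^\[\*\*\]\s+(?:\[\d+:\d+:\d+\]\s+)?(?P<msg>.*?)\s+\[\*\*\]\s*$")
# Second line: timestamp (MM/DD-HH:MM:SS.usec, year only with -y), then src -> dst
ALERT_PKT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)


def parse_rule(line):
    """Split one rule into its header fields plus an options dict."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a Snort rule: %r" % line)
    rule = m.groupdict()
    opts = {}
    for opt in rule.pop("opts").split(";"):
        opt = opt.strip()
        if opt:
            key, _, val = opt.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    rule["opts"] = opts
    return rule


def parse_alerts(text):
    """Return one dict (msg, ts, src, dst) per record in a 'full' alert file."""
    alerts = []
    for record in re.split(r"\n\s*\n", text.strip()):
        lines = record.splitlines()
        if len(lines) < 2:
            continue
        hdr = ALERT_HDR_RE.match(lines[0])
        pkt = ALERT_PKT_RE.match(lines[1])
        if not (hdr and pkt):
            continue  # not a complete record (e.g. a truncated tail)
        alerts.append({"msg": hdr.group("msg"), **pkt.groupdict()})
    return alerts


def alert_summary(rules, alerts):
    """Count alerts per msg and flag msgs no 'alert' rule could have produced.
    Only 'alert' rules write to alert.ids; 'log' rules only log packets."""
    expected = {r["opts"].get("msg") for r in rules if r["action"] == "alert"}
    counts = Counter(a["msg"] for a in alerts)
    return {"expected_msgs": expected,
            "counts": dict(counts),
            "unmatched": sorted(set(counts) - expected)}


# The two rules from the post above
RULES = [
    'log tcp any any <> any any (msg: "test";)',
    'alert tcp any any <> any any (msg: "test";)',
]

# Constructed alert.ids content (not from a real host); the layout follows
# Snort's 'full' alert format, with and without the [gid:sid:rev] bracket.
SAMPLE_ALERT_IDS = """\
[**] test [**]
06/26-20:22:10.123456 192.168.1.10:3201 -> 198.51.100.7:80
TCP TTL:128 TOS:0x0 ID:4321 IpLen:20 DgmLen:48 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x4000  TcpLen: 28

[**] [1:0:0] test [**]
06/26-20:22:10.234567 198.51.100.7:80 -> 192.168.1.10:3201
TCP TTL:52 TOS:0x0 ID:0 IpLen:20 DgmLen:48
***A**S* Seq: 0x9988776  Ack: 0x1A2B3C4E  Win: 0x16D0  TcpLen: 28

[**] [1:0:0] test [**]
06/26-20:22:10.345678 192.168.1.10:3201 -> 198.51.100.7:80
TCP TTL:128 TOS:0x0 ID:4322 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x1A2B3C4E  Ack: 0x9988777  Win: 0x4470  TcpLen: 20
"""

if __name__ == "__main__":
    parsed_rules = [parse_rule(r) for r in RULES]
    found = parse_alerts(SAMPLE_ALERT_IDS)
    for a in found:
        print(a["ts"], a["src"], "->", a["dst"], a["msg"])
    print(alert_summary(parsed_rules, found))
```

Point the script at the real file (`open(r"C:\Program Files\IDS_systems\Sourcefire\log\alert.ids").read()`) after stopping Snort; an empty `counts` dict with a non-empty `expected_msgs` is the symptom from the post, and it means the rule set was not activated in snort.conf or Snort was not restarted after adding it, not that the rules are malformed.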

