Snort mailing list archives

RE: Snort Install--Win2K


From: "Michael Steele" <michaels () silicondefense com>
Date: Mon, 8 Apr 2002 12:04:43 -0700

Mike,

Looks like a direction problem connected to your rules files. Make sure
you have placed the exact path to the rules files in your snort.conf.

Include c:\snort\rules\porn.rules

Include c:\snort\rules\classification.config

Note: Your path may differ.

- Michael Steele - michaels () silicondefense com
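A check for the problem Michael describes, added here as an example; it is not code from the thread or from the Snort project. It reads a snort.conf, expands var definitions (assuming the $NAME variable syntax used in Snort configurations, which the thread itself does not show), reports include directives whose target is relative to the working directory or cannot be found, and rewrites relative includes as absolute paths under the directory holding snort.conf. The sample configuration is constructed, and the exists parameter is a hook so the check can run against a fake filesystem.

```python
r"""Check Snort include directives for the working-directory problem
discussed in this thread.

Snort resolves a relative include path against the directory it was started
from, so a snort.conf that works from C:\snort can fail elsewhere with
"Unable to open rules file: ./ or ././". This script lists includes whose
expanded path is relative (or whose file cannot be found) and can rewrite
them as absolute paths, which is the fix suggested in the reply above.
"""
import ntpath
import os
import posixpath
import re
from typing import Callable, Dict, List, Tuple

# Directive keywords are matched case-insensitively here (assumption: this
# accepts both "include" and the capitalised "Include" seen in the thread).
INCLUDE_RE = re.compile(r"^\s*include\s+(.+?)\s*$", re.IGNORECASE)
VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(.+?)\s*$", re.IGNORECASE)
VAR_REF_RE = re.compile(r"\$(\w+)")

# Constructed sample configuration, not the poster's file.
SAMPLE_CONF = r"""
# constructed example snort.conf
var RULE_PATH rules
include $RULE_PATH/porn.rules
include classification.config
include c:\snort\rules\local.rules
Include c:\snort\rules\classification.config
"""


def expand_vars(value: str, variables: Dict[str, str]) -> str:
    """Replace $NAME references with values from earlier var lines.
    Unknown variables are left untouched so they show up in the report."""
    return VAR_REF_RE.sub(lambda m: variables.get(m.group(1), m.group(0)), value)


def is_absolute(path: str) -> bool:
    """True for a Windows (drive or UNC) or POSIX absolute path, checked
    explicitly so the result does not depend on the host running the check."""
    return ntpath.isabs(path) or posixpath.isabs(path)


def check_includes(conf_text: str,
                   exists: Callable[[str], bool] = os.path.isfile
                   ) -> List[Tuple[int, str, str]]:
    """Return (line_number, expanded_path, problem) for every suspect include.

    problem is "relative" when the path depends on the working directory
    (the symptom in the thread) or "missing" when the file cannot be found.
    exists is injectable so the check can run against a fake filesystem.
    """
    variables: Dict[str, str] = {}
    problems: List[Tuple[int, str, str]] = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop trailing comments
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = expand_vars(m.group(2), variables)
            continue
        m = INCLUDE_RE.match(line)
        if not m:
            continue
        path = expand_vars(m.group(1), variables)
        if not is_absolute(path):
            problems.append((lineno, path, "relative"))
        elif not exists(path):
            problems.append((lineno, path, "missing"))
    return problems


def absolutize_includes(conf_text: str, conf_dir: str) -> str:
    """Rewrite each relative include as an absolute Windows path under
    conf_dir (the directory holding snort.conf). Variables are expanded in
    the rewritten lines so they no longer depend on the working directory;
    a trailing comment on an include line is dropped."""
    variables: Dict[str, str] = {}
    out: List[str] = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = expand_vars(m.group(2), variables)
        m = INCLUDE_RE.match(line)
        if not m:
            out.append(raw)
            continue
        path = expand_vars(m.group(1), variables)
        if not is_absolute(path):
            path = ntpath.normpath(ntpath.join(conf_dir, path))
        out.append(f"include {path}")
    return "\n".join(out)


if __name__ == "__main__":
    # Report every include that would break when snort is started from
    # another directory, then print the rewritten configuration.
    for lineno, path, problem in check_includes(SAMPLE_CONF, exists=lambda p: False):
        print(f"line {lineno}: {problem} include {path}")
    print(absolutize_includes(SAMPLE_CONF, r"c:\snort"))
```

Run it from any directory; the report shows which includes Snort would resolve relative to wherever it is started, which is exactly the case that produced the "./ or ././" error below.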

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Whaley, Mike
Sent: April 3, 2002 5:00 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort Install--Win2K

Hello,

I did this last night on my machine and snort is working wonderfully, no
problems.  Well, today I decided to install snort on a dedicated win2k
box, fresh install.  The error is at the very bottom of this when I type
in the Snort -c C:\Snort\Snort.conf -l C:\Snort\Logs -i1 to create the
alert.ids file in c:\snort\logs.  Any suggestions?  Thanks for your
help.

Mike Whaley

C:\snort>snort -W

-*> Snort! <*-
Version 1.8.3-MySQL-WIN32 (Build 92)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-Win32 Port Compiled By Michael Steele (michaels () silicondefense com, www.silicondefense.com)
          (based on code from 1.7 port)

Interface       Device          Description
-------------------------------------------
1  \Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343} (3Com EtherLink PCI)
2  \Device\Packet_NdisWanIp (NdisWan Adapter)

------------------------------------------------------------------------

C:\snort>snort -v -i1
Log directory = log

Initializing Network Interface \

        --== Initializing Snort ==--
Checking PID path...
PID stat checked out ok, PID set to C:\snort
Writing PID file to "C:\snort"
Decoding Ethernet on interface \Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343}

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.3-MySQL-WIN32 (Build 92)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-Win32 Port Compiled By Michael Steele (michaels () silicondefense com, www.silicondefense.com)
          (based on code from 1.7 port)
04/03-17:40:14.718322 ARP who-has 0.0.0.0 tell 0.0.0.0

04/03-17:40:14.721750 ARP who-has 0.0.0.0 tell 0.0.0.0

04/03-17:40:15.452724 172.xx.xx.xxx:xxx -> 172.xx.xxx.xxx:xxx
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:135 DF
Len: 115....And so on...And so on.

------------------------------------------------------------------------

C:\snort>snort -c c:\snort\snort.conf -l c:\snort\logs -i1
Log directory = c:\snort\logs

Initializing Network Interface \

        --== Initializing Snort ==--
Decoding Ethernet on interface \Device\Packet_{xxxxxxx-EF5D-42A6-A5E6-F5079A846343}
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file c:\snort\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
Back Orifice detection brute force: DISABLED
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = XXXXXX:\Device\Packet_{BC355F7D-EF5D-42A6-A5E6-F5079A846343}
database:     sensor id = 1
database: schema version = 104
database: using the "log" facility
ERROR: Unable to open rules file: ./ or ././
Fatal Error, Quitting..

