Snort mailing list archives
Snort 1.8.7 on Win2K
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Thu, 14 Nov 2002 15:35:03 -0500
Hello,

I've just recently put Snort 1.8.7 (WinPcap 2.3) on a Win2K machine and configured it just like Snort 1.8.6 (WinPcap 2.02) on a WinNT4 machine. Both use the latest release of IDScenter to monitor the alert.ids file and send e-mail when Snort logs an alert.

On the Win2K machine, however, I get e-mail notices from IDScenter but the alert.ids file from Snort is always empty. It's like Snort notices something, plays with the alert.ids file (which triggers IDScenter), but never writes anything to the alert file.

The command line I use to launch both instances of Snort is:

    C:\BIN\Snort\snort.exe -c "C:\BIN\Snort\snort.conf" -l "C:\BIN\Snort\log" -A fast -h xxx.xxx.xxx.xxx/24 -i 1 -X -G url -y

(Yes, my home network is masked)

Unfortunately, the Rapidnet forum is down, so I cannot search for an answer there. But I seem to remember that this problem was noted by another 1.8.7 user on the Win32 platform.

Anyone have a solution to this issue?

Sincerely,

L. Christopher Luther
Technical Consultant
Xybernaut Solutions, Inc.
(703) 654-3642
cluther () xybernaut com
http://www.xybernautsolutions.com

My PGP Public Key: http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88

CONFIDENTIALITY NOTE: This communication contains information that is confidential and/or legally privileged. This information is intended only for the use of the individual or entity named on this communication. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, printing or other use of, or any action in reliance on, the contents of this communication is strictly prohibited. If you receive this communication in error, please immediately notify us by telephone at (703) 631-6925.

------------------------------------------------------------
Unsolicited commercial e-mail will automatically be reported to the appropriate abuse@ - without exception.
------------------------------------------------------------