Snort mailing list archives

Snort 1.8.7 on Win2K


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Thu, 14 Nov 2002 15:35:03 -0500

 

Hello,  

I've just recently put Snort 1.8.7 (WinPcap 2.3) on a Win2k machine
and configured it just like Snort 1.8.6 (WinPcap 2.02) on a WinNT4
machine.  Both use the latest release of IDScenter to monitor the
alert.ids file and send e-mail when Snort logs an alert.  

On the Win2K machine, however, I get e-mail notices from IDScenter
but the alert.ids file from Snort is always empty.  It's like Snort
notices something, plays with the alert.ids file (which triggers
IDScenter), but never writes anything to the alert file.  

The command line I use to launch both instances of Snort is:  

C:\BIN\Snort\snort.exe -c "C:\BIN\Snort\snort.conf" -l
"C:\BIN\Snort\log" -A fast -h xxx.xxx.xxx.xxx/24 -i 1 -X -G url -y
(Yes, my home network is masked)

Unfortunately, the Rapidnet forum is down, so I cannot search for an
answer there.  But I seem to remember that this problem was noted by
another 1.8.7 user on the Win32 platform.  

Anyone have a solution to this issue?  


Sincerely,  

L. Christopher Luther  
Technical Consultant  
Xybernaut Solutions, Inc.  
(703) 654-3642  
cluther () xybernaut com  
http://www.xybernautsolutions.com  

My PGP Public Key:  
http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88



