Snort mailing list archives

RE: installation problem

From: "Rich Stryker" <rstryker () virtuallearning net>
Date: Thu, 2 Jan 2003 10:10:10 -0500

I can answer the first question..

-*> Snort! <*-
Version 1.8.7-MySQL-WIN32 (Build 121)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-WIN32 Compiled By Michael Steele (michaels () silicondefense com, www.siliconde
fense.com)
         (based on code from 1.7 port)
____________________________________________________
# AND.. IT STOP HERE.. WHY IS THIS HAPPENING?


This is what is suppose to happen. SNORT is now looking to your snort.conf file to know exactly what is should report 
on. All that it reports on is now being logged to your C:\snort\logs folder.

As for Apache stuff sorry can't help.


Rich Stryker - Infrastructure Manager
Virtual Learning Inc.
18 Wynford Drive, Suite 507
Toronto, ON M3C 3S2
Phone: 416-383-0010 ext. 233
Fax: 416-383-0005
rstryker () virtuallearning net

Virtual Learning - Simply the best solution for your interactive health care needs http://www.mediresource.com/ - 
Simply the best solution for providing health care information.

-----Original Message-----
From: Noraini Mariam Binti Mustafa [mailto:ain_ceria () lycos com]
Sent: Thursday, January 02, 2003 1:02 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] installation problem

Hi, I'm having problem on snort installation.. could somebody help me out....
I'm using the window version..

FIRST I HAVE TEST THE PORT I WANT TO USE.. IT CAME OUT LIKE THIS..
_____________________________________________________________
C:\snort>snort -v -i1
Log directory = log

Initializing Network Interface mxnic

        --== Initializing Snort ==--
Decoding Ethernet on interface mxnic

        --== Initialization Complete ==--


-*> Snort! <*-
Version 1.8.7-MySQL-WIN32 (Build 121)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-WIN32 Compiled By Michael Steele (michaels () silicondefense com, www.silicon
fense.com)
          (based on code from 1.7 port)
01/02-12:09:52.535276 10.2.0.44:1026 -> 255.255.255.255:60015
UDP TTL:128 TOS:0x0 ID:44098 IpLen:20 DgmLen:540
Len: 520
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/02-12:09:52.541257 10.2.0.69:1029 -> 255.255.255.255:60015
UDP TTL:128 TOS:0x0 ID:43342 IpLen:20 DgmLen:540
Len: 520
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/02-12:09:52.542872 10.2.0.90:1031 -> 255.255.255.255:60015
UDP TTL:128 TOS:0x0 ID:4445 IpLen:20 DgmLen:540
Len: 520
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
____________________________________________________________

# MEANS IT'S OK I GUESS... THEN I MOVED TO THE NEXT STEP.. THIS IS WHAT HAPPEN...
____________________________________________________________
C:\snort>snort -c c:\snort\snort.conf -| c:\snort\logs -i1
Log directory = log

Initializing Network Interface mxnic

        --== Initializing Snort ==--
Decoding Ethernet on interface mxnic
Parsing Rules file c:\snort\snort.conf
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.7-MySQL-WIN32 (Build 121)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
1.8-WIN32 Compiled By Michael Steele (michaels () silicondefense com, www.siliconde
fense.com)
          (based on code from 1.7 port)
____________________________________________________
# AND.. IT STOP HERE.. WHY IS THIS HAPPENING?

# AFTER THAT.. i'VE TRIED TO INSTALL THE SERVICES.. THIS IS WHAT CAME OUT OF IT..

_________________________________________________________
C:\snort>snort/SERVICE/INSTALL -de -c C:\snort\logs -i1
Format for command line variable definitions is:
 -S var=value
Fatal Error, Quitting..
_________________________________________________________

# ANOTHER PROBLEM IS REGARDING THE APACHE CONF. "HTTPD.CONF"
THIS CAME OUT  WHEN I TEST THE CONFIGURATION SETTING....

___________________________________________________________
Syntax error on line 240 of c:/program files/apache group/apache/conf/httpd.conf
:
Cannot add module via name 'mod_php.c': not in list of loaded modules
Note the errors or messages above, and press the <ESC> key to exit.  22...
________________________________________________________________

# i REALLY NEED AN URGENT REPLY CAUSE I DOING RESEARCH FOR MY FINAL YEAR STUDIES.

NORAINI



_____________________________________________________________
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

installation problem Noraini Mariam Binti Mustafa (Jan 01)
- <Possible follow-ups>
- RE: installation problem Rich Stryker (Jan 02)