Snort mailing list archives

RE: Winsnort help needed!


From: Peter Rodger <prodger2008 () yahoo com>
Date: Fri, 15 Apr 2005 07:34:12 -0700 (PDT)

Thanks for the help.

Do you know that I have only one master sensor and do
I need sensor_name= in the snort.conf?

Another question, I need to monitor one class C
network, var home_net should be 10.1.10.0/24 instead
of 10.1.10.1/24, right?

Welcome any help!

Peter




--- Joe Pope <POPEJ () WESTAT com> wrote:

I have three sensors and one admin interface.
Maybe you want to try the Apache version, I just installed it a little
while ago with Winsnort instructions and it worked like a charm, even
Oinkmaster.
One thing though. In their instructions, you must be exact!  If they say
to use "'s, you need them or it will not work.

Joe

-----Original Message-----
From: Peter Rodger [mailto:prodger2008 () yahoo com] 
Sent: Thursday, April 14, 2005 4:24 PM
To: Joe Pope
Subject: RE: [Snort-users] Winsnort help needed!


Thanks for your help.  Still no luck for me after I put
port number in.

BTW, do you have slave sensor?  I have only one master
sensor and do I need sensor_name=WebZone(hostname) in
snort.conf?

Quite frustrated!

Thanks,

Peter


--- Joe Pope <POPEJ () WESTAT com> wrote:

I use Apache/MySQL on my Win2003 and this works for me:

You might need to specify the PORT (default is 3306) for MySQL

Here is my output in snort.conf:

output database: alert, mysql, user=snort password=XxXxXxXx dbname=snort host=127.0.0.1 port=3306 sensor_name=WebZone

Here is my base config in base.conf:

$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "3306";
$alert_user     = "base";
$alert_password = "baseXXXX";

/* Archive DB connection parameters */
$archive_exists   = 1; # Set this to 1 if you have an archive DB
$archive_dbname   = "archive";
$archive_host     = "localhost";
$archive_port     = "3306";
$archive_user     = "base";
$archive_password = "baseXXXX";

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Rodger
Sent: Thursday, April 14, 2005 2:28 PM
To: Briggs, Bruce
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Winsnort help needed!


Please see below the snort.conf and base config:

Here is the snort.conf output config:


# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
# output database: log, mysql, user=root password=test dbname=db host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
output database: log, mssql, dbname=snort user=snort password=10gg3r
output database: alert, mssql, dbname=snort user=snort password=10gg3r
# output database: log, oracle, dbname=snort user=snort password=test


Here is the base output config:


 *  output plugin configuration.
 */
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "base";
$alert_password = "111111";

/* Archive DB connection parameters */
$archive_dbname   = "archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "base";
$archive_password = "111111";

Let me know what I did wrong.  I am so overwhelmed
with it.

Thanks,

Peter

--- "Briggs, Bruce" <Bruce.Briggs () suny edu> wrote:
Have you uncommented the appropriate output database: statement in
snort.conf?

-----Original Message-----
From: Peter Rodger
[mailto:prodger2008 () yahoo com]
Sent: Thursday, April 14, 2005 10:06 AM
To: Briggs, Bruce
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Winsnort help needed!

Bruce,

Thanks for the reply.

Did you set up IIS with the Console virtual
directory and set
base_main.php as the only Default Document?


YES.

I really do not know what's wrong.  I followed the
exact steps as the Guide says.

If I do not have the slave sensors, I took out the
sensor_name=HOSTNAME in snort.conf.  Is this right?

Thanks for the help and hope that anyone can point me
to the right direction.

Peter


--- "Briggs, Bruce" <Bruce.Briggs () suny edu> wrote:
Did you set up IIS with the Console virtual
directory and set
base_main.php as the only Default Document?

Bruce

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Rodger
Sent: Wednesday, April 13, 2005 5:58 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Winsnort help needed!

Hi,

I followed the installation guide for Windows

=== message truncated ===
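
Added example, not part of the original thread and not code from Snort, Winsnort or BASE: a Python check that compares the active "output database:" statement in snort.conf with BASE's $alert_* settings, flags an output statement whose options were wrapped onto separate lines, and shows that 10.1.10.1/24 and 10.1.10.0/24 name the same /24 once host bits are cleared. The function names, the constructed sample strings, and treating a missing host= as the local machine are assumptions of this example.

```python
import ipaddress
import re

LOOPBACK = {"localhost", "127.0.0.1"}

def canonical_net(cidr):
    """Clear the host bits of a CIDR, e.g. 10.1.10.1/24 -> 10.1.10.0/24."""
    return str(ipaddress.ip_network(cidr, strict=False))

def active_outputs(snort_conf):
    """Return (uncommented 'output database:' statements, orphan option line numbers)."""
    outputs, orphans = [], []
    for n, line in enumerate(snort_conf.splitlines(), 1):
        toks = line.split()
        m = re.match(r"\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?(.*)", line)
        if m:
            opts = dict(t.split("=", 1) for t in m.group(3).split() if "=" in t)
            outputs.append({"facility": m.group(1), "dbtype": m.group(2), **opts})
        elif toks and not toks[0].startswith("#") and all("=" in t for t in toks):
            orphans.append(n)  # bare key=value line: a wrapped output statement
    return outputs, orphans

def base_settings(base_conf):
    """Return BASE's $alert_* variables keyed without the prefix."""
    return dict(re.findall(r'^\$alert_(\w+)\s*=\s*"([^"]*)";', base_conf, re.M))

def check(snort_conf, base_conf):
    """List mismatches between Snort's database output and BASE's alert DB settings."""
    outputs, orphans = active_outputs(snort_conf)
    base = base_settings(base_conf)
    findings = [f"line {n}: options outside an output statement" for n in orphans]
    if not outputs:
        findings.append("no uncommented 'output database:' line")
    for out in outputs:
        if out.get("dbname") != base.get("dbname"):
            findings.append(f"dbname: snort={out.get('dbname')} base={base.get('dbname')}")
        # Assumption: a missing host= means the local machine.
        hosts = {out.get("host", "localhost"), base.get("host", "localhost")}
        if len(hosts) > 1 and not hosts <= LOOPBACK:
            findings.append(f"host: {sorted(hosts)}")
        if out.get("port") and base.get("port") and out["port"] != base["port"]:
            findings.append(f"port: snort={out['port']} base={base['port']}")
    return findings

# Constructed samples modelled on the configuration quoted in the thread.
WRAPPED = ("output database: alert, mysql, user=snort\n"
           "password=XxXxXxXx dbname=snort\n"
           "host=127.0.0.1 port=3306 sensor_name=WebZone\n")
ONE_LINE = " ".join(WRAPPED.split()) + "\n"
BASE = '$alert_dbname = "snort";\n$alert_host = "localhost";\n$alert_port = "3306";\n'
```

check(ONE_LINE, BASE) returns an empty list, while check(WRAPPED, BASE) reports the two orphan option lines and the dbname that the truncated statement no longer carries.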



                