Snort mailing list archives

RE: windows 2k interface cmd in conf


From: "Turnquist,Wayne" <WayneTurnquist () catholichealth net>
Date: Thu, 7 Jul 2005 09:35:24 -0500

I'm going to try to give more info on the problems I'm having. It might be related to the issue that some things do not work on a Windows platform.

I'm running Snort 2.3.3 build14, Windows 2000 SP4 with all patches.

The following are my interfaces:

Interface       Device          Description
-------------------------------------------
1 \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312 PCI Adapter)
3 \Device\NPF_{C4B1BE55-F031-47D4-B11A-228E43D48C0D} (NETGEAR FA311/FA312 PCI Adapter)
4 \Device\NPF_{0D050718-9C12-498B-B3CF-A34D4B09321D} (NETGEAR FA310TX Fast Ethernet PCI Adapter)

The following is my current command for Snort, which has been working for months:

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -i 2 -s
---------------------------------------------------------------------------------

I'm trying to use the config interface command in the snort.conf file
with the following command:
snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -s

and with the following in the snort.conf:
config interface: pp
   where I have replaced pp with 2, eth2, xl2

but I keep getting the following error:

ERROR: openpcap() device pp open:
error opening adapter the system cannot find the file specified

What should I use in place of pp? Or is this broken on 2000?


--------------------------------------------------------------------

I have also tried to use the config logdir
with the command line snort -c "d:\ids2\snort-1\rules\snort.conf" -i 2 -s

config logdir: d:\ids2\snort-1\log
I have also tried "d:\ids2\snort-1\log", d:/ids2/snort-1/log, "d:/ids2/snort-1/log", snort-1\log

but get the following error:
ERROR: openalertfile() => fopen() alert file log/alert.ids: no such file or directory

What am I doing wrong, or is this broken in 2000?

I hope I defined my problems clearly. Let me know if I need to send more info.
Thanks
wt


-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com]
Sent: Wednesday, July 06, 2005 11:28 AM
To: Turnquist,Wayne
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] windows 2k interface cmd in conf


Turnquist,Wayne wrote:
> As of right now I have Snort working with the command switch -i 2
>
> Snort complains when I add the 2 to the command inside the snort.conf file.

How did you do this? Be exact.

> What do I use instead?

AFAIK you can't specify an interface to listen on in snort.conf, on any
platform. Period. You must specify this on the command line. It's the only way.

In general, most of the command line options are only command line options; for
example, the -h "home net" command line option is NOT the same as "var HOME_NET"
in your snort.conf. They work very differently, although both commonly have the
same value.