Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: windows 2k interface cmd in conf

From: "Turnquist,Wayne" <WayneTurnquist () catholichealth net>
Date: Thu, 7 Jul 2005 13:32:15 -0500


-----Original Message-----
From: Kevin Reiter [mailto:tux () penguinnetwerx net]
Sent: Thursday, July 07, 2005 11:27 AM
To: Turnquist,Wayne
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] windows 2k interface cmd in conf


Turnquist,Wayne wrote:

I'm going to try to give more info on the problesm im having. it might be related to the issue that some things do 
not work on a windows platform

im running snort 2.3.3 build14, windows 2000sp4 with all patches

The following is my interfaces

Interface     Device          Description
-------------------------------------------
1  \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312 PCI Adapter                                 
   )
3 \Device\NPF_{C4B1BE55-F031-47D4-B11A-228E43D48C0D} (NETGEAR FA311/FA312 PCI Adapter                                 
   )
4 \Device\NPF_{0D050718-9C12-498B-B3CF-A34D4B09321D} (NETGEAR FA310TX Fast Ethernet PCI Adapter)

The following is my current command for snort which has been working for months

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -i 2 -s
---------------------------------------------------------------------------------

im trying to use the config interface command in the snort.conf file
with the following command
snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -s

and with the following in the snort.conf
config interface: pp 
   where i have replace pp with 2, eth2, xl2


you have to call the interfaces by the number, not the name, such as -i1 
-i2 -i3 etc. on the commandline ONLY - it won't work by trying to 
include it in your snort.conf.

I've been using Snort on W2k for awhile now, and I haven't noticed 
anything being "broken".


do you know how to use the config logdir:
or does that also have to be on the commandline ONLY



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: