[Snort-users] Win32 snort crashing when -A not used

Rich Adamson radamson at ...2127...
Wed Jul 10 07:35:03 EDT 2002


>     I'm seeing the same thing on Win2k using version 1.8.7beta5-ODBC-Win32 (build 128)
>     barebones_release with the just-downloaded-and-installed WinPcap v2.3. Two 
>     different "crashes"; one rebooted the PC automatically, the other hung the
>     machine requiring a power recycle.

A quick check indicated that I was running build 128 (snort -V), however it must have
been something else as I just downloaded the v1.8.7 STABLE code, and it is a 
"different" size executable but still reports build 128. Not sure what the differences
are, but this stable release has now been running about twice as long as the
previous implementation without crashing the system (still running).

>     I also installed IDScenter 1.09 beta2, and it too has a couple of bugs including:
>       a. no way to "see" how to set the -A flag,
> 
> Log settings -> Log parameters -> Set alert mode

Found it! Thanks
 
>       b. IDScenter complains about a missing classification file (but then it is
>          fine after stopping/restarting IDScenter)
> 
> IDS rules -> Rules/Signatures -> .. select the classification.config file (official Snort 
distribution classification file). This has to
> be done ONCE.
> This file is usally in the same folder as "Snort.exe"... if not you must give the correct path 
of course (like you would do it in
> Snort.conf manually).

Probably wouldn't hurt to include a readme.txt file that suggests the minimum
steps needed to implement IDScenter with snort. The above step is far less
than obvious.
 
Based on the last 30 minutes of operation, it would appear the snort download
from yesterday had significant stability problems.  The Stable release 
downloaded today has been running well (thus far).

Rich





More information about the Snort-users mailing list