[Snort-users] RE: Setting up Snort on Windows

Michael Steele michaels at ...155...
Thu Jun 27 09:21:19 EDT 2002


Andrew,

Placing a hash mark to remove the line from the config is fine. It does
take some time for alerts to start to show up.

Here is a rule to place into your local.rules file. After you do that be
sure to remove the hash mark in Snort.conf for the include local.rules.
You can either replace the file with this or just past the rule in.

After you have done that be sure to restart snort, to activate the new
rule. Then go to your browser and generate some traffic.

Let me know how that works.

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org



-----Original Message-----
From: Andrew Barnes-Webb [mailto:Andrew.Barnes-Webb at ...6189...] 
Sent: Thursday, June 27, 2002 7:03 AM
To: michaels at ...155...
Subject: Setting up Snort on Windows

Hi Michael

I have been following your instructions on installing Snort (with
Apache, MySQL, ACID, etc.) on Windows and I seem to have hit a brick
wall. Unfortunately I am a relative novice at this sort of intricate
installation so trying to figure the problem out has been rather
frustrating for me.

My problem is that in the Apache httpd.conf file, we added the line
"AddModule mod_php4.c" but when I test the config, I get the error
message "Cannot add module via name 'mod_php4.c': not in list of loaded
modules". When I comment this line out, the config runs OK, but no data
is registered on the ACID stats pages. I'll attach a JPG of the error
message for good measure.

My PC config is as follows:
Compaq Deskpro
Pentium 2 (400)
Windows 98 SE <---- I hope this isn't an issue
64MB RAM

I would appreciate it if you could part with some of you superior
knowledge and shed some light on my problem.

Thaks for your help.
Andrew



________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: local.rules
Type: application/octet-stream
Size: 264 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020627/82f6b73e/attachment.obj>


More information about the Snort-users mailing list