[Snort-users] RE: Installing SNORT 1.8.3 on win2k server
dr at ...381...
Tue Mar 12 19:32:40 EST 2002
This advice from Michael is incorrect.
The latest version of pcap is superior in stability to the old one.
Sorry to dissapoint Michael and the guys at silidef, but this does
not look like a problem with the installer.
You are seeing this error message because of some of the settings
in IDScenter. When I built the combined Win32 installer that is
distributed on snort.org, I tried to compensate for new users by
preloading some registry keys with common default values and settings
for IDScenter so it might have a hope of working out of the box
without configuration. This falls short in some areas (like if you
have your Program Files directory on a drive other C: for instance)
and you may have to fiddle with the IDScenter settings to make
it work for your particular setup (which you would have had to do
anyway if you had installed the components yourself separately).
I am trying to further improve some of these settings on the next
release of the Win32 installer which will be out released after
some more testing.
Though I cannot ascertain exactly what settings are incorrect
from your error message, I would suspect you might want to look
at what you might have your interface setting at under the IDScenter
general setup screen.
Send me some e-mail directly and I can try to help you work through
Another option you might want to try is debugging your setup using
the command line version of snort. Send me some more information
about your ssetup and results and let's see what we can figure out
about your problem.
On Mon, 11 Mar 2002 18:56:00 -0800
"Michael Steele" <michaels at ...155...> wrote:
> This is an installation from Sourcefire. You might want to contact Marty
> and find out why? I would be more then happy to help you if you were
> using the installation documentation written by me located on our
> website as I have never installed the Sourcefire installation. It's
> usually a problem with WinPcap. You might try going back one version
> (2.2 Non Beta).
> - Mike
> Commercial Snort Support <<->> 1.866.41.SNORT
> Silicon Defense -- <www.silicondefense.com>
> Home of the new SENTRUS Snort sensor!
> Michael Steele - Snort Support Technician
> -----Original Message-----
> From: Y P Chien [mailto:ypchien at ...5290...]
> Sent: Monday, March 11, 2002 4:30 PM
> To: michaels at ...155...
> Subject: Installing SNORT 1.8.3 on win2k server
> Dear Sir:
> I saw your email address and post replies on Snort discussion forum.
> It seems that I have the similar problems that most users have with
> installing Snort on Win2K system.
> I am trying to install Snort on a Win2K server with SP2. I am using
> WinPcap 2.3 beta. I am getting the following errors:
> Initializing Network Interface \
> ERROR: OpenPcap() FSM compilation failed:
> syntax error
> PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program
> Files\Sourcefire\Snort -A full -h any
> Fatal Error, Quitting..
> Please help.
--dr pgpkey: http://dragos.com/dr-dursec.asc
CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com
More information about the Snort-users