[Snort-users] Problem with settin up Snort on win XP

Michael Steele michaels at ...9077...
Mon Dec 15 07:44:13 EST 2003


You might try over at the home site for IDS Center as they have forums that
most likely will give you the answer you need.

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Sjögren Claes
> Sent: Monday, December 15, 2003 5:45 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Problem with settin up Snort on win XP
> 
> Hello
> 
> Just recently got interested in setting up an IDS at work and of course
> thought Snort was the way to start
> 
> I'm using IDScenter 1.1 RC4 for setting up Snort and Microsoft SQL as
> database.
> 
> My problem is this:
> 
> |> IDScenter test console <|
> Running in IDS mode
> Log directory = C:\Snort\log
> 
> Initializing Network Interface \
> 
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface \
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file C:\Snort\etc\snort.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> No arguments to frag2 directive, setting defaults to:
>     Fragment timeout: 60 seconds
>     Fragment memory cap: 4194304 bytes
>     Fragment min_ttl:   0
>     Fragment ttl_limit: 5
>     Fragment Problems: 0
>     Self preservation threshold: 500
>     Self preservation period: 90
>     Suspend threshold: 1000
>     Suspend period: 30
> Stream4 config:
>     Stateful inspection: ACTIVE
>     Session statistics: INACTIVE
>     Session timeout: 30 seconds
>     Session memory cap: 8388608 bytes
>     State alerts: INACTIVE
>     Evasion alerts: INACTIVE
>     Scan alerts: ACTIVE
>     Log Flushed Streams: INACTIVE
>     MinTTL: 1
>     TTL Limit: 5
>     Async Link: 0
>     State Protection: 0
>     Self preservation threshold: 50
>     Self preservation period: 90
>     Suspend threshold: 200
>     Suspend period: 30
> Stream4_reassemble config:
>     Server reassembly: INACTIVE
>     Client reassembly: ACTIVE
>     Reassembler alerts: ACTIVE
>     Zero out flushed packets: INACTIVE
>     flush_data_diff_size: 500
>     Ports: 21 23 25 53 80 110 111 143 513 1433
>     Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> http_decode arguments:
>     Unicode decoding
>     IIS alternate Unicode decoding
>     IIS double encoding vuln
>     Flip backslash to slash
>     Include additional whitespace separators
>     Ports to decode http on: 80
> rpc_decode arguments:
>     Ports to decode RPC on: 111 32771
>     alert_fragments: INACTIVE
>     alert_large_fragments: ACTIVE
>     alert_incomplete: ACTIVE
>     alert_multiple_requests: ACTIVE
> telnet_decode arguments:
>     Ports to decode telnet on: 21 23 25 119
> ERROR: Unable to open rules file: classification.config or ./classification.config
> 
> 
> Now I have specified the classification.config file and checked everything
> with the file. Just can't get it to work.
> 
> Anybody have any clue what I could do?
> 
> Best regards
> 
> Claes
> 
> 






