[Snort-users] Syslog,MySql, IDS Center /Eagle X

McBurnett, Jim jmcburnett at ...4394...
Mon May 19 11:02:06 EDT 2003


Okay,
This is what I am getting..
This seems weird..
But it must be a PCAP issue....
Thoughts??

Jim

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -i 2 -d -e -y -s 127.0.0.1:514
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\NPF_{150F8050-7325-4DAF-A177-662A51C877E9}
ERROR: OpenPcap() FSM compilation failed:
        PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -i 2 -d -e -y -s "127.0.0.1:514"
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\NPF_{150F8050-7325-4DAF-A177-662A51C877E9}
ERROR: OpenPcap() FSM compilation failed:
        PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -s 127.0.0.1:514 -i 2 -d -e -y
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\NPF_{C174027D-4189-497B-8143-E5FA7A9557F5}
ERROR: OpenPcap() FSM compilation failed:
        PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>C:\EagleX\snort\bin\snort.exe -c "C:\EagleX\snort\etc\snort.conf" -l "C:\EagleX\snort\logs" -s 127.0.0.1:514 -i 2 -d -e -y
Running in IDS mode
Log directory = C:\EagleX\snort\logs

Initializing Network Interface \Device\Packet_{C174027D-4189-497B-8143-E5FA7A9557F5}
ERROR: OpenPcap() FSM compilation failed:
        PCAP command: %s

Fatal Error, Quitting..

C:\Documents and Settings\jmcburnett>
 

>-----Original Message-----
>From: Ueli Kistler [mailto:iuk at ...1171...]
>Sent: Monday, May 19, 2003 1:04 PM
>To: McBurnett, Jim
>Cc: snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] Syslog,MySql, IDS Center /Eagle X
>
>
>Hello
>
>McBurnett, Jim wrote:
>
>> Ok all,
>> I have searched all the archives, googled this to death and I am still
>> drawing a blank..
>> I know I am missing something.
>> I am running this on a Windows XP, Fresh install, norton AV.
>> System is running a 2.6 Ghz P4 with 512M RAM..
>> Started with the Eagle X package.
>> MySql, ACID it all works great...
>>
>sure, but it's old.. at least update to Snort 2.0.. update will be
>available soon after putting online the new website:
>www.engagesecurity.com
>
>>
>> I tried to add Syslog to it and Bingo-- It crashes every time it sends
>> a message..
>> I tried to send to an external syslog.. no go. I tried an on Machine 
>> Syslog.
>> No go.. System has 3 NICS, and I am using the 2nd NIC.
>>
>Snort 2.0 has a broken syslog support (i think.. correct me if i should
>be wrong .. but i don't think so)
>note that snort always tries to bind the socket to NIC 1! You must have
>-s option activated ("Log settings"->"Logging parameters".. Type
>hostname of the syslog server)
>
>> I thought maybe it was an issue with Snort 1.9. So I updated to Snort 2.0
>>
>no .. activate "-s" option AND add an output plugin (syslog output 
>plugin) in the output plugin wizard
>
>>
>> No go, same problem, but now the snort service won't even start with 
>> Syslog enabled
>> There is nothing in the Event log of relevance, the Test of the Config
>> looks fine.
>> I can post or email offlist the config file if anyone is willing to 
>> help me...
>>
>> Does anyone have any ideas?
>>
>Don't bother Chris Reid .. i'm sure he's working on this (or 
>perhaps not) ;)
>
>> Thanks,
>> Jim
>>
>Regards,
>    Ueli Kistler
>    eclipse at ...9170...  
>    www.engagesecurity.com (soon online)
>
>--
>
>



