[Snort-users] Winsnort help needed!

Briggs, Bruce Bruce.Briggs at ...13183...
Fri Apr 15 08:09:15 EDT 2005


My Snort and database (MySQL) are on the same machine.

This is my output statement:

output database: log, mysql, user=Snortuser password=snortpass dbname=Snort host=localhost

Bruce

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Peter
Rodger
Sent: Friday, April 15, 2005 10:34 AM
To: Joe Pope
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Winsnort help needed!

Thanks for the help.

Do you know that I have only one master sensor and do
I need sensor_name= in the snort.conf?

Another question, I need to monitor one class C
network, var home_net should be 10.1.10.0/24 instead
of 10.1.10.1/24, right?

Welcome any help!

Peter




--- Joe Pope <POPEJ at ...1641...> wrote:

> I have three sensors and one admin interface.
> Maybe you want to try the Apache version, I just
> installed it a little
> while ago
> with Winsnort instructions and it worked like a
> charm, even Oinkmaster.
> One thing though. In their instructions, you must be
> exact!  If they say to use
> "'s, you need them or it will not work.
> 
> Joe
> 
> -----Original Message-----
> From: Peter Rodger [mailto:prodger2008 at ...131...] 
> Sent: Thursday, April 14, 2005 4:24 PM
> To: Joe Pope
> Subject: RE: [Snort-users] Winsnort help needed!
> 
> 
> Thanks for your help.  Still no luck for me after I
> put port number in.
> 
> BTW, do you have slave sensor?  I have only one
> master
> sensor and do I need sensor_name=WebZone(hostname)in
> snort.conf?
> 
> Quite frustrated!
> 
> Thanks,
> 
> Peter
> 
> 
> --- Joe Pope <POPEJ at ...1641...> wrote:
> 
> > I use Apache/MySQL on my Win2003 and this works for me:
> > 
> > You might need to specify the PORT (default is 3306) for MySQL
> > 
> > Here is my output in snort.conf:
> > 
> > output database: alert, mysql, user=snort password=XxXxXxXx dbname=snort host=127.0.0.1 port=3306 sensor_name=WebZone
> > 
> > Here is my base config in base.conf:
> > 
> > $alert_dbname   = "snort";
> > $alert_host     = "localhost";
> > $alert_port     = "3306";
> > $alert_user     = "base";
> > $alert_password = "baseXXXX";
> > 
> > /* Archive DB connection parameters */
> > $archive_exists   = 1; # Set this to 1 if you have an archive DB
> > $archive_dbname   = "archive";
> > $archive_host     = "localhost";
> > $archive_port     = "3306";
> > $archive_user     = "base";
> > $archive_password = "baseXXXX";
> > 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [mailto:snort-users-admin at lists.sourceforge.net]
> On
> > Behalf Of Peter
> > Rodger
> > Sent: Thursday, April 14, 2005 2:28 PM
> > To: Briggs, Bruce
> > Cc: snort-users at lists.sourceforge.net
> > Subject: RE: [Snort-users] Winsnort help needed!
> > 
> > 
> > Please see below the snort.conf and base config:
> > 
> > Here is the snort.conf output config:
> > 
> > 
> > # database: log to a variety of databases
> > # ---------------------------------------
> > # See the README.database file for more information about configuring
> > # and using this plugin.
> > #
> > # output database: log, mysql, user=root password=test dbname=db host=localhost
> > # output database: alert, postgresql, user=snort dbname=snort
> > # output database: log, odbc, user=snort dbname=snort
> > # output database: log, mssql, dbname=snort user=snort password=test
> > output database: log, mssql, dbname=snort user=snort password=10gg3r
> > output database: alert, mssql, dbname=snort user=snort password=10gg3r
> > # output database: log, oracle, dbname=snort user=snort password=test
> > 
> > 
> > Here is the base output config:
> > 
> > 
> >  *  output plugin configuration.
> >  */
> > $alert_dbname   = "snort";
> > $alert_host     = "localhost";
> > $alert_port     = "";
> > $alert_user     = "base";
> > $alert_password = "111111";
> > 
> > /* Archive DB connection parameters */
> > $archive_dbname   = "archive";
> > $archive_host     = "localhost";
> > $archive_port     = "";
> > $archive_user     = "base";
> > $archive_password = "111111";
> > 
> > Let me know what I did wrong.  I am so overwhelmed
> > with it.
> > 
> > Thanks,
> > 
> > Peter
> > 
> > --- "Briggs, Bruce" <Bruce.Briggs at ...13183...> wrote:
> > > Have you uncommented the appropriate output
> > > database:  statement in
> > > snort.conf?
> > > 
> > > -----Original Message-----
> > > From: Peter Rodger
> [mailto:prodger2008 at ...131...]
> > > Sent: Thursday, April 14, 2005 10:06 AM
> > > To: Briggs, Bruce
> > > Cc: snort-users at lists.sourceforge.net
> > > Subject: RE: [Snort-users] Winsnort help needed!
> > > 
> > > Bruce,
> > > 
> > > Thanks for the reply.
> > > 
> > > > Did you set up IIS with the Console virtual
> > > > directory and set
> > > > base_main.php as the only Default Document?
> > > > 
> > > 
> > > YES.
> > > 
> > > I really do not know what's wrong.  I followed
> the
> > > exact steps as the Guide says.
> > > 
> > > If I do not have the slave sensors, I took out
> the
> > 
> > > sensor_name=HOSTNAME in snort.conf.  Is this
> > right?
> > > 
> > > Thanks for the help and hope that anyone can
> point
> > > me
> > > to the right direction.
> > > 
> > > Peter
> > > 
> > > 
> > > --- "Briggs, Bruce" <Bruce.Briggs at ...13183...>
> wrote:
> > > > Did you set up IIS with the Console virtual
> > > > directory and set
> > > > base_main.php as the only Default Document?
> > > > 
> > > > Bruce
> > > > 
> > > > -----Original Message-----
> > > > From: snort-users-admin at lists.sourceforge.net
> > > >
> [mailto:snort-users-admin at lists.sourceforge.net]
> > > On
> > > > Behalf Of Peter
> > > > Rodger
> > > > Sent: Wednesday, April 13, 2005 5:58 PM
> > > > To: snort-users at lists.sourceforge.net
> > > > Subject: [Snort-users] Winsnort help needed!
> > > > 
> > > > Hi,
> > > > 
> > > > I followed the installation guide for Windows
> 
=== message truncated ===
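
Added example, not part of the original thread and not code from Snort or BASE: a Python check that lists the uncommented `output database:` directives in a snort.conf and compares their database name, host and port with the `$alert_*` values in the BASE config. The expected database type (`mysql`), the default port 3306 mentioned in the thread, treating `localhost` and `127.0.0.1` as the same host, and the sample input are assumptions made for the illustration.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1"}  # assumption: both mean the same machine

def active_outputs(snort_conf):
    """Return one dict per uncommented 'output database:' directive."""
    found = []
    for line in snort_conf.splitlines():
        line = line.split("#", 1)[0].strip()  # commented-out directives vanish
        m = re.match(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)", line)
        if m:
            opts = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            found.append({"facility": m.group(1), "dbtype": m.group(2), **opts})
    return found

def base_settings(base_conf, prefix="alert"):
    """Extract the $alert_* string assignments from a BASE PHP config."""
    pat = r'^\s*\$%s_(\w+)\s*=\s*"([^"]*)"\s*;' % re.escape(prefix)
    return dict(re.findall(pat, base_conf, re.M))

def check(snort_conf, base_conf, expected_dbtype="mysql", default_port="3306"):
    """List mismatches between Snort's active outputs and BASE's settings."""
    outs, base, issues = active_outputs(snort_conf), base_settings(base_conf), []
    if not outs:
        issues.append("no uncommented 'output database:' line")
    for o in outs:
        tag = o["facility"]
        if o["dbtype"] != expected_dbtype:
            issues.append(f"{tag}: dbtype {o['dbtype']} != {expected_dbtype}")
        if o.get("dbname") != base.get("dbname"):
            issues.append(f"{tag}: dbname {o.get('dbname')} != {base.get('dbname')}")
        # assumption: a directive without host= writes to the local machine
        hosts = {o.get("host", "localhost"), base.get("host", "localhost")}
        if len(hosts) > 1 and not hosts <= LOOPBACK:
            issues.append(f"{tag}: host differs from BASE")
        if (o.get("port") or default_port) != (base.get("port") or default_port):
            issues.append(f"{tag}: port differs from BASE")
    return issues

# Constructed sample input modelled on the settings quoted in the thread.
SNORT_CONF = """\
# output database: log, mysql, user=root password=test dbname=db host=localhost
output database: log, mssql, dbname=snort user=snort password=PLACEHOLDER
output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=127.0.0.1 port=3306
"""
BASE_CONF = '''
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
'''
```

Calling `check(SNORT_CONF, BASE_CONF)` returns the list of mismatches; the Snort and BASE database users are deliberately not compared, since the thread's working setup uses different accounts for each.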



		