This is a discussion on RE: [Snort-users] windows 2k interface cmd in conf within the Snort forums, part of the System Security and Security Related category.
I'm going to try to give more info on the problems I'm having. It might be related to the issue that some things do not work on a Windows platform.

I'm running snort 2.3.3 build14, Windows 2000 SP4 with all patches.

The following are my interfaces:

Interface  Device  Description
-------------------------------------------
1 \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312 PCI Adapter )
3 \Device\NPF_{C4B1BE55-F031-47D4-B11A-228E43D48C0D} (NETGEAR FA311/FA312 PCI Adapter )
4 \Device\NPF_{0D050718-9C12-498B-B3CF-A34D4B09321D} (NETGEAR FA310TX Fast Ethernet PCI Adapter)

The following is my current command for snort, which has been working for months:

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -i 2 -s

---------------------------------------------------------------------------------

I'm trying to use the config interface command in the snort.conf file with the following command:

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -s

and with the following in the snort.conf:

config interface: pp

where I have replaced pp with 2, eth2, xl2 but keep getting the following error:

ERROR: openpcap() device pp open: error opening adapter the system cannot find the file specified

What should I use in place of pp? Or is this broken on 2000?

--------------------------------------------------------------------

I have also tried to use the config logdir with the command line:

snort -c "d:\ids2\snort-1\rules\snort.conf" -i 2 -s

config logdir: d:\ids2\snort-1\log

I also have tried "d:\ids2\snort-1\log", d:/ids2/snort-1/log, "d:/ids2/snort-1/log", snort-1\log but get the following error:

ERROR: openalertfile() => fopen() alert file log/alert.ids: no such file or directory

What am I doing wrong, or is this broken in 2000?

I hope I defined my problems clearly. Let me know if I need to send more info.

thanks
wt

-----Original Message-----
From: Matt Kettler [mailto:mkettler@evi-inc.com]
Sent: Wednesday, July 06, 2005 11:28 AM
To: Turnquist,Wayne
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] windows 2k interface cmd in conf

Turnquist,Wayne wrote:
> As of right now i have snort working with the command switch -i 2
>
>
> Snort complains when i add the 2 to the command inside the snort.conf file.

How did you do this? Be exact.

> What do I use instead?

AFAIK you can't specify an interface to listen on in snort.conf, on any platform. Period. You must specify this on the command line. It's the only way.

In general most of the command line options are only command line options, for example the -h "home net" command line option is NOT the same as "var HOME_NET" in your snort.conf. They work very differently, although both commonly have the same value.