RE: [Snort-users] windows 2k interface cmd in conf

07-08-2005
Michael Steele

What are you doing...?

Try this as the command line:

CD to the folder that has snort, then type:

snort -c d:\ids2\snort-1\rules\snort.conf -l d:\ids2\snort-1\log -i2

Make SURE the snort.conf file is in the correct folder and the log folder is
created.

Why are you adding switches before you even get it working? Why are you
adding quotes to the run line...? Get the basics working first, then modify
the switches and snort.conf.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of
Turnquist,Wayne
Sent: Thursday, July 07, 2005 7:35 AM
To: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] windows 2k interface cmd in conf

I'm going to try to give more info on the problems I'm having. It might be
related to the issue that some things do not work on a Windows platform.

I'm running snort 2.3.3 build14, windows 2000sp4 with all patches

The following is my interfaces

Interface Device Description
-------------------------------------------
1 \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312 PCI Adapter )
3 \Device\NPF_{C4B1BE55-F031-47D4-B11A-228E43D48C0D} (NETGEAR FA311/FA312 PCI Adapter )
4 \Device\NPF_{0D050718-9C12-498B-B3CF-A34D4B09321D} (NETGEAR FA310TX Fast Ethernet PCI Adapter)

The following is my current command for snort which has been working for
months

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -i 2 -s
--------------------------------------------------------------------

I'm trying to use the config interface command in the snort.conf file
with the following command
snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -s

and with the following in the snort.conf
config interface: pp
where I have replaced pp with 2, eth2, xl2

but keep getting the following error

ERROR: openpcap() device pp open:
error opening adapter the system cannot find the file specified

What should I use in place of pp? Or is this broken on 2000?


--------------------------------------------------------------------

I have also tried to use the config logdir
with the command line snort -c "d:\ids2\snort-1\rules\snort.conf" -i 2 -s

config logdir: d:\ids2\snort-1\log
I have also tried "d:\ids2\snort-1\log", d:/ids2/snort-1/log,
"d:/ids2/snort-1/log" snort-1\log

but get the following error
ERROR: openalertfile() => fopen() alert file log/alert.ids: no such file or directory

What am I doing wrong, or is this broken in 2000?

I hope I defined my problems clearly. Let me know if I need to send more
info.
thanks
wt


-----Original Message-----
From: Matt Kettler [mailto:mkettler@evi-inc.com]
Sent: Wednesday, July 06, 2005 11:28 AM
To: Turnquist,Wayne
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] windows 2k interface cmd in conf


Turnquist,Wayne wrote:
> As of right now i have snort working with the command switch -i 2
>
> Snort complains when i add the 2 to the command inside the snort.conf file.

How did you do this? Be exact.

> What do I use instead?


AFAIK You can't specify an interface to listen on in snort.conf, on any
platform. Period. You must specify this on the command line. It's the only
way.

In general most of the command line options are only commandline options,
for example the -h "home net" command line option is NOT the same as
"var HOME_NET" in your snort.conf. They work very differently, although both
commonly have the same value.
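
Added example, not part of the thread or of Snort itself: a Python pre-flight check that follows the replies above by parsing the interface listing from the post (including an entry the mailer wrapped), confirming snort.conf and the log folder exist, and passing the interface with -i on the command line. The function names, the sample listing (constructed from the post) and the temporary paths are assumptions.

```python
import os
import re
import tempfile

# Constructed sample: two entries from the listing in the post, the second
# wrapped across lines the way the mail client wrapped it.
LISTING = r"""Interface Device Description
-------------------------------------------
1 \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312
PCI Adapter )
"""

ENTRY = re.compile(r"^(\d+)\s+(\\Device\\NPF_\{[0-9A-Fa-f-]+\})\s+\((.*)$")

def parse_interfaces(text):
    """Map interface index -> (device, description), rejoining wrapped lines."""
    found, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            current = int(m.group(1))
            found[current] = [m.group(2), m.group(3)]
        elif not line:
            current = None          # a blank line ends the listing entry
        elif current is not None:
            found[current][1] += " " + line
    return {i: (dev, desc.rstrip(") ")) for i, (dev, desc) in found.items()}

def preflight(conf, logdir, index, interfaces):
    """Return the snort argv, or raise ValueError naming the first problem."""
    if index not in interfaces:
        raise ValueError("interface %r is not in the listing" % index)
    if not os.path.isfile(conf):
        raise ValueError("snort.conf not found: %s" % conf)
    if not os.path.isdir(logdir):
        raise ValueError("log folder does not exist: %s" % logdir)
    # The interface goes on the command line (-i), not in snort.conf.
    return ["snort", "-c", conf, "-l", logdir, "-i", str(index)]

if __name__ == "__main__":
    ifaces = parse_interfaces(LISTING)
    with tempfile.TemporaryDirectory() as root:   # stand-in for d:\ids2\snort-1
        conf = os.path.join(root, "snort.conf")
        open(conf, "w").close()
        log = os.path.join(root, "log")
        os.mkdir(log)
        print(preflight(conf, log, 2, ifaces))
```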




