This is a discussion on RE: [Snort-users] windows 2k interface cmd in conf within the Snort forums, part of the System Security and Security Related category.

I have had snort running for a few months with the following command

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -i2

I purchased a couple of snort books. I have been tweaking/playing with snort as I read the material. One section in the manual talked about setting command switches in the snort.conf file instead of the commandline. I was hoping to shorten the command line/keep all configs in the config file.

In the section it said I could

config interface: eth2
config logdir: d:\ids2\snort-1\log

My book is at home so I can not give the book, page.

I guess I will drop trying the config route and just keep my existing command switches and try it without "".

thanks
wt

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Michael Steele
Sent: Thursday, July 07, 2005 7:02 PM
To: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] windows 2k interface cmd in conf

What are you doing...?

Try this as the command line:

CD to the folder that has snort, then type:

snort -c d:\ids2\snort-1\rules\snort.conf -l d:\ids2\snort-1\log -i2

Make SURE the snort.conf file is in the correct folder and the log folder is created.

Why are you adding switches before you even get it working? Why are you adding quotes to the run line...? Get the basics working first, then modify the switches and snort.conf.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Turnquist,Wayne
Sent: Thursday, July 07, 2005 7:35 AM
To: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] windows 2k interface cmd in conf

I'm going to try to give more info on the problems I'm having. It might be related to the issue that some things do not work on a Windows platform.

I'm running snort 2.3.3 build14, Windows 2000 SP4 with all patches.

The following is my interfaces

Interface  Device  Description
-------------------------------------------
1 \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312 PCI Adapter )
3 \Device\NPF_{C4B1BE55-F031-47D4-B11A-228E43D48C0D} (NETGEAR FA311/FA312 PCI Adapter )
4 \Device\NPF_{0D050718-9C12-498B-B3CF-A34D4B09321D} (NETGEAR FA310TX Fast Ethernet PCI Adapter)

The following is my current command for snort, which has been working for months

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -i 2 -s

--------------------------------------------------------------------

I'm trying to use the config interface command in the snort.conf file with the following command

snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -s

and with the following in the snort.conf

config interface: pp

where I have replaced pp with 2, eth2, xl2 but keep getting the following error

ERROR: openpcap() device pp open: error opening adapter the system cannot find the file specified

What should I use in place of pp? Or is this broken on 2000?

--------------------------------------------------------------------

I have also tried to use the config logdir with the command line

snort -c "d:\ids2\snort-1\rules\snort.conf" -i 2 -s

config logdir: d:\ids2\snort-1\log

I also have tried

"d:\ids2\snort-1\log",
d:/ids2/snort-1/log,
"d:/ids2/snort-1/log"
snort-1\log

but get the following error

ERROR: openalertfile() => fopen() alert file log/alert.ids: no such file or directory

What am I doing wrong, or is this broken in 2000?

I hope I defined my problems clearly. Let me know if I need to send more info.

thanks
wt

-----Original Message-----
From: Matt Kettler [mailto:mkettler@evi-inc.com]
Sent: Wednesday, July 06, 2005 11:28 AM
To: Turnquist,Wayne
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] windows 2k interface cmd in conf

Turnquist,Wayne wrote:
> As of right now i have snort working with the command switch -i 2
>
>
> Snort complains when i add the 2 to the command inside the snort.conf file.

How did you do this? Be exact.

> What do I use instead?

AFAIK You can't specify an interface to listen on in snort.conf, on any platform. Period. You must specify this on the command line. It's the only way.

In general most of the command line options are only commandline options, for example the -h "home net" command line option is NOT the same as "var HOME_NET" in your snort.conf. They work very differently, although both commonly have the same value.

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
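
The pre-flight check Michael Steele describes (snort.conf in the right folder, log folder created, a valid interface number for -i), as an added example that is not part of the original thread. The function names parse_interfaces, preflight and build_command are hypothetical; the interface listing and paths are copied from the posts above.

```python
import os
import re

# Interface listing as posted in the thread (soft line breaks removed).
LISTING = r"""
Interface  Device  Description
-------------------------------------------
1 \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312 PCI Adapter )
3 \Device\NPF_{C4B1BE55-F031-47D4-B11A-228E43D48C0D} (NETGEAR FA311/FA312 PCI Adapter )
4 \Device\NPF_{0D050718-9C12-498B-B3CF-A34D4B09321D} (NETGEAR FA310TX Fast Ethernet PCI Adapter)
"""

# One row: index, \Device\NPF_{GUID}, (description)
ROW = re.compile(r"^\s*(\d+)\s+(\\Device\\NPF_\{[0-9A-Fa-f-]{36}\})\s+\((.*?)\s*\)\s*$")


def parse_interfaces(text):
    """Return {index: (device, description)} for each row of the listing."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            found[int(m.group(1))] = (m.group(2), m.group(3))
    return found


def preflight(index, conf, logdir, interfaces, exists=os.path.exists):
    """Return a list of problems; an empty list means the basics are in place."""
    problems = []
    if index not in interfaces:
        problems.append(f"interface {index} is not in the listing")
    if not exists(conf):
        problems.append(f"config file not found: {conf}")
    if not exists(logdir):
        problems.append(f"log folder does not exist: {logdir}")
    return problems


def build_command(index, conf, logdir):
    """Argument list for the -c/-l/-i command line used in the thread.

    Passing a list to subprocess leaves quoting to Python, so no quotes are typed.
    """
    return ["snort", "-c", conf, "-l", logdir, "-i", str(index)]


if __name__ == "__main__":
    conf, logdir = r"d:\ids2\snort-1\rules\snort.conf", r"d:\ids2\snort-1\log"
    issues = preflight(2, conf, logdir, parse_interfaces(LISTING))
    print(issues or build_command(2, conf, logdir))
```
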