Snort mailing list archives
RE: Starting out: Question
From: "Madziarczyk, Jonathan" <than () cityofevanston org>
Date: Thu, 29 Nov 2001 14:05:17 -0600
The GUIs (like acid, snortsnarf and the like) are typically used for sorting the data that Snort picks up and wants to alert you on. They're just flashy front ends for the most part (no spam please, guys) ;-)

In the Win32 port of Snort, the documentation sets you up so that Snort is an NT/2000 service (accessible from NT in Control Panel/Services, from 2000 in Administrative Tools/Services). If you read the documentation I noted previously you will see a walkthrough of running Snort from a command line (DOS prompt). This is essentially what the starting and stopping of the service in NT/2000 does (this is also where that registry key gets used to add variables to this process).

The registry key is an actual NT/2000 registry key and can be accessed by running Regedit or regedt32 from Start/Run. (Note: Messing with the registry improperly can make your system unusable or other bad stuff like that.) (HKLM is HKeyLocalMachine.)

Take some time to RTM and it will start to make sense what's going on in the back end.

Peace,
JonM

--
"To err is human, to blame it on someone else shows serious management potential."

-----Original Message-----
From: Brian Ertel [mailto:bsertel () amherst edu]
Sent: Thursday, November 29, 2001 1:45 PM
To: 'Madziarczyk, Jonathan'
Subject: RE: [Snort-users] Starting out: Question

Thank you Jon,

Do you use the IDS GUI? Is that where I should be looking to launch this from, or am I totally in the wrong place? I do not know where to locate the registry key...
----------------------------------
Brian Ertel
Systems & Networking
Amherst College
Voice: 413-542-8320
Fax: 413-542-2626
bsertel () amherst edu
----------------------------------

-----Original Message-----
From: Madziarczyk, Jonathan [mailto:than () cityofevanston org]
Sent: Thursday, November 29, 2001 2:29 PM
To: Snort (E-mail)
Subject: RE: [Snort-users] Starting out: Question

Brian,

I assume you've read the links here: http://www.snort.org/documentation.html#win32 and already have Snort installed. Mr. Roesch has some great documentation on the process for installing onto the Win32 platform.

If you're asking what I think you are, you're trying to find out where to enter specific command line parameters for running Snort. If you followed the install above you should have a registry key similar to below:

HKLM\SYSTEM\CurrentControlSet\Services\Snort\Parameters\"AppParameters"

The "AppParameters" key is where I enter my command line parameters and it works for me. For what parameters you want or need, the standard Snort documentation should be sufficient.

Happy Snorting!
JonM

-----Original Message-----
From: Brian Ertel [mailto:bsertel () amherst edu]
Sent: Thursday, November 29, 2001 12:44 PM
To: Snort (E-mail)
Subject: [Snort-users] Starting out: Question

Hello,

I am bringing up Snort on a W2k Prof. box. Neither the FAQ nor the doc specifies exactly how to begin: where commands are entered and such. I am open to RTFM if you can tell me where to get these specific instructions.
Regards,

----------------------------------
Brian Ertel
Systems & Networking
Amherst College
Voice: 413-542-8320
Fax: 413-542-2626
bsertel () amherst edu
----------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Starting out: Question Brian Ertel (Nov 29)
- RE: Starting out: Question Michael Steele (Nov 29)
- <Possible follow-ups>
- RE: Starting out: Question Madziarczyk, Jonathan (Nov 29)
- RE: Starting out: Question Madziarczyk, Jonathan (Nov 29)