Re: RE: Installing SNORT 1.8.3 on win2k server

[Dragos Ruiu <dr () kyx net>]

This advice from Michael is incorrect.

The latest version of pcap is superior in stability to the old one.

Sorry to dissapoint Michael and the guys at silidef, but this does
not look like a problem with the installer.

You are seeing this error message because of some of the settings
in IDScenter.  When I built the combined Win32 installer that is 
distributed on snort.org, I tried to compensate for new users by
preloading some registry keys with common default values and settings
for IDScenter so it might have a hope of working out of the box
without configuration.  This falls short in some areas (like if you
have your Program Files directory on a drive other C: for instance)
and you may have to fiddle with the IDScenter settings to make 
it work for your particular setup (which you would have had to do 
anyway if you had installed the components yourself separately).
I am trying to further improve some of these settings on the next 
release of the Win32 installer which will be out released after
some more testing.

Though I cannot ascertain exactly what settings are incorrect 
from your error message, I would suspect  you might want to look
at what you might have your interface setting at under the IDScenter
general setup screen.

Send me some e-mail directly and I can try to help you work through 
this issue.

Another option you might want to try is debugging your setup using
the command line version of snort. Send me some more information 
about your ssetup and results and let's see what we can figure out 
about your problem.

cheers,
--dr

On Mon, 11 Mar 2002 18:56:00 -0800
"Michael Steele" <michaels () silicondefense com> wrote:

> YP,
>
>  
>
> This is an installation from Sourcefire. You might want to contact Marty
> and find out why?  I would be more then happy to help you if you were
> using the installation documentation written by me located on our
> website as I have never installed the Sourcefire installation. It's
> usually a problem with WinPcap. You might try going back one version
> (2.2 Non Beta). 
>
> - Mike
>
> Commercial Snort Support <<->> 1.866.41.SNORT
> Silicon Defense -- <www.silicondefense.com>
> Home of the new SENTRUS Snort sensor!
> Michael Steele - Snort Support Technician
>
> -----Original Message-----
> From: Y P Chien [mailto:ypchien () ssi com] 
> Sent: Monday, March 11, 2002 4:30 PM
> To: michaels () silicondefense com
> Subject: Installing SNORT 1.8.3 on win2k server
>
>  
>
> Dear Sir: 
>
> I saw your email address and post replies on Snort discussion forum. 
>
> It seems that I have the similar problems that most users have with
> installing Snort on Win2K system. 
>
> I am trying to install Snort on a Win2K server with SP2.  I am using
> WinPcap 2.3 beta.  I am getting the following errors:
>
> Initializing Network Interface \ 
> ERROR: OpenPcap() FSM compilation failed: 
>         syntax error 
> PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program
> Files\Sourcefire\Snort -A full -h any 
> Fatal Error, Quitting.. 
>
> Please help. 
>
> YP 


-- 
--dr                  pgpkey: http://dragos.com/dr-dursec.asc
      CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users