Snort mailing list archives
Snort 2.1.x support on Win32
From: "Koski, Brian" <bkoski () ci citrus-heights ca us>
Date: Tue, 15 Jun 2004 16:08:26 -0700
FYI - for some of you having issue with the newer versions of Snort on Win2k/XP... 1) Make sure you have installed WinCap v3.0 2) If you updated Snort i.e. 2.1.2 or 2.1.3 from realier versions, you need to use the new snort.conf file and remodify it. There are changes in the file - such as http_decode is now http_inspect: preprocessor http_inspect: global \ iis_unicode_map unicode.map 1252 preprocessor http_inspect_server: server default \ profile all ports { 80 8080 8180 } oversize_dir_length 500 ... the snort test will balk at the "global" if you don't reconfigure for this; also make user you have the unicode/map file in the path. (Best approach I have found is to turn off http_decode in IDSCenter and edit/add the appropriate http_inspect parameters). Refer to the new Snort documentation. 3) IDSCenterRC4 DOES run with Snort 2.1.3... IF you don't reload your old - pre2.1.x config. (see above) Hope this helps. Brian Koski Principal I.T. Analyst City of Citrus Heights Work: 916-727-4735
Current thread:
- Snort 2.1.x support on Win32 Koski, Brian (Jun 21)
- Re: Snort 2.1.x support on Win32 Rich Adamson (Jun 21)
- <Possible follow-ups>
- RE: Snort 2.1.x support on Win32 Rich Adamson (Jun 22)