Snort mailing list archives
RE: Winsnort help needed!
From: Peter Rodger <prodger2008 () yahoo com>
Date: Fri, 15 Apr 2005 07:34:12 -0700 (PDT)
Thanks for the help. Do you know that I have only one master sensor and do I need sensor_name= in the snort.conf?

Another question, I need to monitor one class C network, var home_net should be 10.1.10.0/24 instead of 10.1.10.1/24, right?

Welcome any help!

Peter

--- Joe Pope <POPEJ () WESTAT com> wrote:
I have three sensors and one admin interface. Maybe you want to try the Apache version, I just installed it a little while ago with Winsnort instructions and it worked like a charm, even Oinkmaster.

One thing though. In their instructions, you must be exact! If they say to use "'s, you need them or it will not work.

Joe

-----Original Message-----
From: Peter Rodger [mailto:prodger2008 () yahoo com]
Sent: Thursday, April 14, 2005 4:24 PM
To: Joe Pope
Subject: RE: [Snort-users] Winsnort help needed!

Thanks for your help. Still no luck for me after I put port number in. BTW, do you have slave sensor? I have only one master sensor and do I need sensor_name=WebZone(hostname) in snort.conf? Quite frustrated!

Thanks,
Peter

--- Joe Pope <POPEJ () WESTAT com> wrote:

I use Apache/MySQL on my Win2003 and this works for me:

You might need to specify the PORT (default is 3306) for MySQL.

Here is my output in snort.conf:

output database: alert, mysql, user=snort password=XxXxXxXx dbname=snort host=127.0.0.1 port=3306 sensor_name=WebZone

Here is my base config in base.conf:

$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "3306";
$alert_user = "base";
$alert_password = "baseXXXX";
/* Archive DB connection parameters */
$archive_exists = 1; # Set this to 1 if you have an archive DB
$archive_dbname = "archive";
$archive_host = "localhost";
$archive_port = "3306";
$archive_user = "base";
$archive_password = "baseXXXX";

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Rodger
Sent: Thursday, April 14, 2005 2:28 PM
To: Briggs, Bruce
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Winsnort help needed!

Please see below the snort.conf and base config:

Here is the snort.conf output config:

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
# output database: log, mysql, user=root password=test dbname=db host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
output database: log, mssql, dbname=snort user=snort password=10gg3r
output database: alert, mssql, dbname=snort user=snort password=10gg3r
# output database: log, oracle, dbname=snort user=snort password=test

Here is the base output config:

* output plugin configuration. */
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "base";
$alert_password = "111111";
/* Archive DB connection parameters */
$archive_dbname = "archive";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "base";
$archive_password = "111111";

Let me know what I did wrong. I am so overwhelmed with it.

Thanks,
Peter

--- "Briggs, Bruce" <Bruce.Briggs () suny edu> wrote:

Have you uncommented the appropriate output database: statement in snort.conf?

-----Original Message-----
From: Peter Rodger [mailto:prodger2008 () yahoo com]
Sent: Thursday, April 14, 2005 10:06 AM
To: Briggs, Bruce
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Winsnort help needed!

Bruce,

Thanks for the reply.

Did you set up IIS with the Console virtual directory and set base_main.php as the only Default Document?

YES. I really do not know what's wrong. I followed the exact steps as the Guide says.

If I do not have the slave sensors, I took out the sensor_name=HOSTNAME in snort.conf. Is this right?

Thanks for the help and hope that anyone can point me to the right direction.

Peter

--- "Briggs, Bruce" <Bruce.Briggs () suny edu> wrote:

Did you set up IIS with the Console virtual directory and set base_main.php as the only Default Document?
Bruce

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Rodger
Sent: Wednesday, April 13, 2005 5:58 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Winsnort help needed!

Hi, I followed the installation guide for Windows
=== message truncated ===
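Added example, not part of any message in this thread: a small Python check for the `output database:` lines discussed above, flagging commented-out lines, parameters that have run together, and missing `dbname`/`host`/`port` values, plus a helper that gives the network-address form of a CIDR for `var HOME_NET`. The function names are hypothetical, the sample lines are constructed with placeholder passwords, and treating `dbname` as mandatory is an assumption.

```python
import ipaddress
import re

# Database types listed in the snort.conf comment block quoted in the thread.
DB_TYPES = {"mysql", "postgresql", "odbc", "mssql", "oracle"}
OUTPUT_RE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")


def lint_output_database(line):
    """Return a list of findings for one 'output database:' line."""
    m = OUTPUT_RE.match(line)
    if not m:  # commented-out lines (leading '#') land here too
        return ["not an active 'output database:' line"]
    _, db_type, params = m.groups()
    findings = []
    if db_type not in DB_TYPES:
        findings.append(f"unknown database type {db_type!r}")
    seen = {}
    for token in params.split():
        key, sep, value = token.partition("=")
        if not sep:
            findings.append(f"{token!r} is not key=value")
            continue
        if "=" in value:  # a space between two parameters was lost
            findings.append(f"parameters run together in {token!r}")
        seen[key] = value
    # Assumption: dbname is mandatory; host/port are reported to compare with BASE.
    for key in ("dbname", "host", "port"):
        if key not in seen:
            findings.append(f"no {key}= parameter")
    return findings


def canonical_net(cidr):
    """Network-address form of a CIDR block, e.g. for var HOME_NET."""
    return str(ipaddress.ip_network(cidr, strict=False))


# Constructed sample lines modelled on the thread; passwords are placeholders.
SAMPLES = [
    "output database: alert, mysql, user=snort password=CHANGEME dbname=snort "
    "host=127.0.0.1 port=3306 sensor_name=WebZone",
    "output database: log, mssql, dbname=snortuser=snort password=CHANGEME",
    "# output database: log, odbc, user=snort dbname=snort",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(lint_output_database(sample) or "ok", "<-", sample)
```

The `host` and `port` findings are there so the values can be compared by eye with `$alert_host` and `$alert_port` in the BASE configuration.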
Current thread:
- Winsnort help needed! Peter Rodger (Apr 13)
- Re: Winsnort help needed! Kevin Johnson (Apr 16)
- <Possible follow-ups>
- RE: Winsnort help needed! Briggs, Bruce (Apr 14)
- RE: Winsnort help needed! Peter Rodger (Apr 14)
- RE: Winsnort help needed! Briggs, Bruce (Apr 14)
- RE: Winsnort help needed! Michael Steele (Apr 14)
- RE: Winsnort help needed! Peter Rodger (Apr 14)
- RE: Winsnort help needed! Michael Steele (Apr 14)
- RE: Winsnort help needed! Peter Rodger (Apr 15)
- RE: Winsnort help needed! Briggs, Bruce (Apr 15)