Snort mailing list archives
Re: windows 2k interface cmd in conf
From: Kevin Reiter <tux () penguinnetwerx net>
Date: Thu, 07 Jul 2005 17:11:35 -0400
Turnquist,Wayne wrote:
> -----Original Message-----
> From: Kevin Reiter [mailto:tux () penguinnetwerx net]
> Sent: Thursday, July 07, 2005 11:27 AM
> To: Turnquist,Wayne
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] windows 2k interface cmd in conf
>
>> Turnquist,Wayne wrote:
>>> I'm going to try to give more info on the problems I'm having. It might be related to the issue that some things do not work on a Windows platform.
>>>
>>> I'm running snort 2.3.3 build14, windows 2000sp4 with all patches
>>>
>>> The following is my interfaces
>>>
>>> Interface Device Description
>>> -------------------------------------------
>>> 1 \Device\NPF_{B0854404-E184-4C71-BF94-A9AC89652F9D} (3Com EtherLink PCI)
>>> 2 \Device\NPF_{EDC2BF31-1A4B-42A4-A673-A6B0FA4973DD} (NETGEAR FA311/FA312 PCI Adapter )
>>> 3 \Device\NPF_{C4B1BE55-F031-47D4-B11A-228E43D48C0D} (NETGEAR FA311/FA312 PCI Adapter )
>>> 4 \Device\NPF_{0D050718-9C12-498B-B3CF-A34D4B09321D} (NETGEAR FA310TX Fast Ethernet PCI Adapter)
>>>
>>> The following is my current command for snort, which has been working for months
>>>
>>> snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -i 2 -s
>>>
>>> ---------------------------------------------------------------------------------
>>>
>>> I'm trying to use the config interface command in the snort.conf file with the following command
>>>
>>> snort -c "d:\ids2\snort-1\rules\snort.conf" -l "d:\ids2\snort-1\log" -s
>>>
>>> and with the following in the snort.conf
>>>
>>> config interface: pp
>>>
>>> where I have replaced pp with 2, eth2, xl2
>>
>> you have to call the interfaces by the number, not the name, such as -i1 -i2 -i3 etc. on the commandline ONLY - it won't work by trying to include it in your snort.conf.
>>
>> I've been using Snort on W2k for awhile now, and I haven't noticed anything being "broken".
>
> do you know how to use the config logdir: or does that also have to be on the commandline ONLY

commandline only, unless you're going to log to a syslog server, log tcpdump info, log Snort unified binary format, or a different method of logging altogether. Read through your snort.conf for more details/examples for logging, or refer to the included docs in the snort\doc directory.
Current thread:
- windows 2k interface cmd in conf Turnquist,Wayne (Jul 06)
- Re: windows 2k interface cmd in conf Matt Kettler (Jul 06)
- <Possible follow-ups>
- RE: windows 2k interface cmd in conf Turnquist,Wayne (Jul 07)
- Re: windows 2k interface cmd in conf Kevin Reiter (Jul 07)
- RE: windows 2k interface cmd in conf Michael Steele (Jul 07)
- RE: windows 2k interface cmd in conf Turnquist,Wayne (Jul 07)
- Re: windows 2k interface cmd in conf Kevin Reiter (Jul 07)
- RE: windows 2k interface cmd in conf Turnquist,Wayne (Jul 08)