Re: [Snort-users] [Snort-devel] Snort Configuration Problems
Michael Steele
I’ve seen this happen when the \ has been added to the tail if the configuration line. It must be removed in Windows.
When Snort is installed the folder ‘snort\lib\snort_dynamicrules’ is created, and there should be several files inside that folder.
Directory of c:\snort\lib\snort_dynamicpreprocessor
11/16/2012 02:40 PM 196,608 sf_dce2.dll
11/16/2012 02:41 PM 32,768 sf_dnp3.dll
11/16/2012 02:39 PM 24,576 sf_dns.dll
11/16/2012 02:39 PM 65,536 sf_ftptelnet.dll
11/16/2012 02:41 PM 36,864 sf_gtp.dll
11/16/2012 02:40 PM 192,512 sf_imap.dll
11/16/2012 02:41 PM 24,576 sf_modbus.dll
11/16/2012 02:41 PM 192,512 sf_pop.dll
11/16/2012 02:41 PM 32,768 sf_reputation.dll
11/16/2012 02:40 PM 32,768 sf_sdf.dll
11/16/2012 02:40 PM 45,056 sf_sip.dll
11/16/2012 02:39 PM 208,896 sf_smtp.dll
11/16/2012 02:39 PM 24,576 sf_ssh.dll
11/16/2012 02:39 PM 28,672 sf_ssl.dll
14 File(s) 1,138,688 bytes
If listing the Snort files and folders is a problem, try uninstalling Snort, and reinstalling. If file and folder problems persist there might be a hardware issue.
Best regards,
Michael...
WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com *
* ~~ FREE WinIDS Snort installation guides ~~ *
* ~~ FREE support forums ~~ *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************
From: Natalie Woh [mailto:lunchi...@hotmail.com]
Sent: Sunday, December 30, 2012 1:24 AM
To: mich...@winsnort.com; snort...@lists.sourceforge.net
Subject: RE: [Snort-devel] Snort Configuration Problems
Hi Michael
Thank you for your reply.
I think I am missing some file. When I ran Snort in IDS mode, I got this message:
ERROR: c:\snort\etc\snort.conf(253) Could not stat dynamic module path "c:\snort
\lib\snort_dynamicrules": No such file or directory.
I hope to hear from you at your earliest convenience.
Thank you for your time.
Best Regards
Natalie
From: mich...@winsnort.com
To: lunchi...@hotmail.com; snort...@lists.sourceforge.net
Subject: RE: [Snort-devel] Snort Configuration Problems
Date: Sat, 29 Dec 2012 16:44:01 -0500
Natalie,
Original Line(s): dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
Best regards,
Michael...
WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com *
* ~~ FREE WinIDS Snort installation guides ~~ *
* ~~ FREE support forums ~~ *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************
From: Natalie Woh [mailto:lunchi...@hotmail.com]
Sent: Wednesday, December 26, 2012 1:27 AM
To: snort...@lists.sourceforge.net
Subject: [Snort-devel] Snort Configuration Problems
Dear Sir/Mdm
I am experiencing problems configuring Snort.
I typed "dir" and got this message:
C:\Snort\bin>dir
Volume in drive C has no label.
Volume Serial Number is 4EC9-0980
Directory of C:\Snort\bin
05/12/2012 02:47 PM <DIR> .
05/12/2012 02:47 PM <DIR> ..
24/06/2010 09:58 PM 54,784 npptools.dll
02/11/2010 02:16 AM 274,489 ntwdblib.dll
02/11/2010 02:16 AM 262,226 Packet.dll
03/12/2003 11:22 PM 94,208 pcre.dll
01/08/2012 01:34 AM 1,167,360 snort.exe
02/11/2010 02:16 AM 53,326 WanPacket.dll
25/06/2010 01:41 AM 258,126 wpcap.dll
28/01/2010 05:50 AM 73,728 zlib1.dll
8 File(s) 2,238,247 bytes
2 Dir(s) 229,230,264,320 bytes free
While running Snort in IDS mode, I got this message:
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "C:\Snort\etc\snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80:81 311 591 593 901 1220 1414 1830 2301 2381
2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088
8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 555
55 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 80:81 110 143 311 591 593 901 1220 1414 1
830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8
028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9
999 11371 55555 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-Full-Q
Split Any/Any group = enabled
Search-Method-Optimizations = enabled
Maximum pattern length = 20
ERROR: C:\Snort\etc\snort.conf(247) Could not stat dynamic module path "c:snort\
lib\snort_dynamicpreprocessor": No such file or directory.
Fatal Error, Quitting..
Could not create the registry key.
I hope to hear from you at your earliest convenience.
Thank you for your time.
Best Regards
Natalie
Michael Steele
It appears not to find interface 2. From an open CMD window type ‘c:\snort\bin\snort –W’ (less the outside quotes), and tap the enter key.
Make sure you are selecting the correct interface.
Example: c:\snort\bin\snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1
Best regards,
Michael...
WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com *
* ~~ FREE WinIDS Snort installation guides ~~ *
* ~~ FREE support forums ~~ *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************
From: Natalie Woh [mailto:lunchi...@hotmail.com]
Sent: Wednesday, January 02, 2013 3:14 AM
To: mich...@winsnort.com
Subject: RE: [Snort-devel] Snort Configuration Problems
Hi Michael
Thank you for the reply.
The \ was not added to the tail of the configuration line.
I have tried re-installing snort and even installing snort in another computer however, I am still unable to get it configured successfully.
Error Message from snort in the new computer:
C:\Snort\bin>snort -W
,,_ -*> Snort! <*-
o" )~ Version 2.9.4-WIN32 GRE (Build 40)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-t
eam
Copyright (C) 1998-2012 Sourcefire, Inc., et al.
Using PCRE version: 8.10 2010-06-25
Using ZLIB version: 1.2.3
Index Physical Address IP Address Device Name Description
----- ---------------- ---------- ----------- -----------
C:\Snort\bin>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 2
ERROR: Invalid device number: 2.
Fatal Error, Quitting..
Could not create the registry key.
I hope to hear from you at your earliest convenience.
Thank you for your time.
Best Regards
Natalie
Michael Steele
Sorry,
It appears you might not have WinPcap installed. Go to WinSnort.com and frollw one of the guided installs to get Snort installed and functioning up to using the –W switch.
Best regards,
Michael...
WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com *
* ~~ FREE WinIDS Snort installation guides ~~ *
* ~~ FREE support forums ~~ *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************
