I had been having some (That's a lie, I've been having lots) problems getting all these to play nice together, until I found this nifty guide:
http://www.astalavista.com/library/ids/win2ksnort.shtml
Maybe this will help someone else...
Groovicus, if you don't mind I'd like to add some links myself ;)
These documents can all be found at SNORT, but I figured I'd link them here for those lazy people :sleep:
Snort, Apache, PHP, MySQL, ACID on Redhat 9.0 Installation Guide
Snort, Apache, PHP, MySQL, ACID on Solaris 9 Installation Guide
Installing Freebsd, Mysql, and Snort Tutorial
ACID: Installation and Configuration
anyways..sorry if I stole your thread groovicus, but I just wanted to add some links that might help other people :D
laters.
Be my guest.. :)
The more the merrier!
heh, if you REALLY want to be lazy when using Snort in a Windows-based environment I recommend going to check out the folks over at Engage Security who make a couple of really nifty freeware products. One is IDS Center which features Snort, Acid, MySQL, etc. and the other one (that I think some of the newbies in security will really dig) is called Eagle X and is a completely preconfigured version of Snort with all the nice little plugins and front end with a lot of rules already done for you. Also it's a single executable that installs all the needed components for you... like I said, pretty nifty.
Wow Lv4, that's an awesome link!! Thank you.
Great links indeed. One thing to keep in mind, the builds indicate that they are RC (release candidates) so more than likely you are going to run into some bugs. Nonetheless, I'll be keeping a close eye on these products.
--TH13
A year or so ago I used this and it worked like a charm. I since dropped this setup for PureSecure. I like it better and it has some additional features such as integrity checking and status monitoring.... A handy little tool.
thehorse13 - yeah they are listed as RC but I have personally been using IDS Center since release .09 with no problems to speak of on a win2k pro box. I've got Eagle X 2.2 installed on a win2k server for testing purposes right now. The only problem I have found with that one is if you have multiple NICs in the machine and are running routing between them... for some reason that setup messes up the .conf file for Snort. I sent them an email on it and they are working to figure out why it is happening like that.
FWIW I have run IDS Center with multiple NICs and routing with no problems... it just seems the preconfigured version doesn't like it.