Snort install - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Snort install

  1. #11
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I haven't run it on a Win32 platform so I cannot say that is an experience I've had. While running it under *nix platforms (FreeBSD and RH Linux) I barely notice it's existence. Could it be the libpcap causing the problem? Have you tried Windump to see if you get the same effect?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #12
    Junior Member
    Join Date
    Aug 2001
    Posts
    15
    Check out the web site www.silicondefense.com. They have a great site about SNORT, Snort On Linux and Snort Ported to Win2K. They also discuss IIs and apache for ACID


    MC

  3. #13
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Cheers MsMittens I will look into it

    SittingDuck
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  4. #14
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I run Snort on several Win2000 boxes and it seems to run just fine. They have been up about 4 months and have a relatively small, (7-15%), CPU usage on average. Two in particular are "snorting" all the traffic inside and all the traffic outside a firewall that protects some 650 workstations and servers so, as you can imagine, that's a lot of traffic and the two machines are not really anything special, (1G AMD, 256 RAM and a PII 266 128Mb RAM).

    I use Demarc's Puresecure, (www.demarc.com), and use all it's features. This installs the current version of Snort, WinPCap and Puresecure itself. The install is quick and easy and only requires a reboot if WinPCap was not previously installed. It can run numerous sensors all logging to a central console, (which I like a lot). I also contains Host-based IDS that report to the main console and service monitoring that I use to check my routers, web sites, DNS and mail servers every 5 minutes.

    Try it..... you'll like it, (and for personal or non-commercial use the price is bang on - free.... )
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #15
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    Originally posted here by Tiger Shark
    My experience is with the Win32 version of Snort but it's pretty similar in the way they all interact I think.

    Snort is the data collector. It picks up everything on the wire and passes it through the rules. If the packet matches a rule it passes an alert to wherever you tell it in the output section of snort.conf. In your case you should have installed MySQL so that snort has somewhere to log it's alerts. MySQL is the data repository which holds all the alerts. But unless you are accomplished at MySQL you can't see much so you would use a program to show you the data in a nice readble format..... That's ACID..... a php based web application for reading snort logs on a MySQL server.

    That's why it seems you are adding so many programs. You need to bring up webadmin because the machine itself has to act as a server so that ACID can read the database and present the information you request.

    You could have snort simply dump everything to text files but, IME, have fun scooting around a dozen text files on a busy network to find out what is going on......
    so i oso need to install php into my linux box?
    BlAcKiE
    GearBlitz

  6. #16
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    If you want to use ACID, you will need PHP as it's built entirely using PHP.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •