Manually Installing an Apache2 Web Server logging events to a MySQL Database Latest Topics

500 Internel server error trying to open http://winids

Tue, 10 Dec 2019 17:09:06 +0000

Thanks in advance

referenced 500 Internal Server Error when trying to open ''test.php'' with no luck

OS: Win 10 (Not Activated) Intel core Duo 4Gb RAM

Using WinIDS Apache 2 with MySQL tutorial

Used MBSA before winIDS process and after did not notice a change in report

Per registry net frame work is up to date

I was able to see the test.php page and all other test completed per tutorial

Barnyard2 shows a flow of packets

Attaching php.ini and httpd.conf

This is the first time installing all these tools any help is appreciated.

By the way these tutorials are awesome.

php.ini

httpd.conf

Error Alert could not be found in acid_event.

Thu, 16 May 2019 06:38:03 +0000

sorry to bother you all, i trying to check arp spoofing on my winids system so i'm active the prepocrule used to detect arp spoofing. the rule look like this :

alert ( msg: "ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK"; sid: 4; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )

and it work it shown and give alert on barnyard2 & visual syslog server it give alert like this :

05/16-13:31:06.553294 [**] [112:4:1] spp_arpspoof: ARP Cache Overwrite Attack [**]

but the alert can't show on BASE it give error on BASE, the error look like this :

"D:\winids\Apache24\htdocs\base\includes\base_cache.inc.php:776: ERROR:
3 alerts have NOT found their way into acid_event with sid = 4"
"D:\winids\Apache24\htdocs\base\includes\base_cache.inc.php:521: ERROR: Alert "4 - 9618" could NOT be found in acid_event"

what should i do to fix the error and make the alert can shown on BASE?

thank you so much

- Fahmi

Winids security console don't show any alert for icmp and udp protocols

Fri, 10 May 2019 06:46:08 +0000

Hello everyone, sorry to bother you.I'm following the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus to my computer using windows 10 and it work, i can access the 'http://winids' on my browser. But i'm realize that my winids console dont show any alert for icmp and udp packet, so what i need to do to make the winids security console can work with icmp and udp packet. thank you so much.

winids's server IP address can not be found when starting security console

Sun, 10 Mar 2019 05:41:46 +0000

Hello everyone, sorry to bother you. Yesterday i'm following the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus to my computer using windows 10 and it work, i can access the 'http://winids' on my browser. But today i cant access it.

I can't even start Apache2.4 and error messages like this always appear.

and when i test the barnyard config file, it show that "unknown mysql server host 'winids'.

what should i need to do so i can access the http://winids again?

thank you so much and sorry to bother you all.

Cannot Configuring Graphing for WinIDS security console

Wed, 06 Mar 2019 08:44:28 +0000

Hi everyone,

im novice about windows ids, and i need it to complete my bachelor thesis. so i have follow every single part of the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus to my computer using windows 10. But when i get to the part "Configuring Graphing for the Windows Intrusion Detection Systems (WinIDS) Security Console" i cannot find the file graphing.zip . Where i can downloaded it, because i dont find it on tutorial?

what should i do to resolve the problem?

Sorry to bother you, Thank you everyone and have a nice day.

500 Internal Server Error when trying to open ''test.php''

Wed, 27 Feb 2019 09:39:01 +0000

Hi everyone,

im really novice about windows ids, so i have follow every single part of the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus. but when i get to the part Testing Apache2, and the PHP installation, i got the 500 internal server error when trying to open 'http://winids/test.php' on my web browser.

what should i do to resolve the problem?

Thank you everyone and have a nice day.

What is switch x for Adding Snort to Windows Servis Database

Thu, 28 Feb 2019 12:15:43 +0000

Sorry to bother you again. i have another problem with this part.

i don't know what number to replace the 'x'. is there a way to know I have to replace 'x' with what index number. Thank you very much.

Base Configuration Error

Sun, 04 Mar 2018 07:55:49 +0000

Why I got this error during BASE installation? Do I have something that I miss or wrong configuration?? anyone know any solution pls let me know

Strict Standards: Declaration of MultipleElementCriteria::SanitizeElement() should be compatible with BaseCriteria::SanitizeElement() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 292

Strict Standards: Declaration of MultipleElementCriteria::PrintForm() should be compatible with BaseCriteria::PrintForm() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.phpon line 292

Strict Standards: Declaration of MultipleElementCriteria::AddFormItem() should be compatible with BaseCriteria::AddFormItem() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 292

Strict Standards: Declaration of MultipleElementCriteria::SetFormItemCnt() should be compatible with BaseCriteria::SetFormItemCnt() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 292

Strict Standards: Declaration of ProtocolFieldCriteria::Description() should be compatible with BaseCriteria::Description() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 337

Strict Standards: Declaration of TimeCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 932

Strict Standards: Declaration of IPAddressCriteria::SanitizeElement() should be compatible with MultipleElementCriteria::SanitizeElement($i) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1109

Strict Standards: Declaration of IPAddressCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1109

Strict Standards: Declaration of IPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1152

Strict Standards: Declaration of IPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1152

Strict Standards: Declaration of TCPPortCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1190

Strict Standards: Declaration of TCPPortCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1190

Strict Standards: Declaration of TCPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1234

Strict Standards: Declaration of TCPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1234

Strict Standards: Declaration of UDPPortCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1361

Strict Standards: Declaration of UDPPortCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1361

Strict Standards: Declaration of UDPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1398

Strict Standards: Declaration of UDPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1398

Strict Standards: Declaration of ICMPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1438

Strict Standards: Declaration of ICMPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1438

Strict Standards: Declaration of DataCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1634

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php:1361) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_auth.inc.php on line 331

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php:1361) in C:\xampp\htdocs\SnortV2\base-1.4.5\index.php on line 53

Mysql archive database table error

Fri, 06 Oct 2017 17:35:40 +0000

Everything seems to work I have the system up but when I go to the http://winids/ url, the page loads but I receive the error

"Database ERROR"Database ERROR: Table'archive.acid_event' doesn't exist.

I connect with sql developer to verify and it indeed doesn't. Do I need to run the MySQL_ configuration again for the archive database? or can I manually add the tables and row column data? can someone provide the steps to do that?

thanks so much.. really looking forward to using this system I have been severely compromised on my home network and This is the final piece to hardening my home network.

Snort and ids Comparism

Sun, 30 Jul 2017 15:58:02 +0000

I'm supposed to compare SNORT, Suricata, OSSIM, and OpenVAS, based on the strategy for intrusion detection. Can you help?

Snort for Windows

Fri, 05 May 2017 06:36:37 +0000

I want to install snort for my windows 10.

snort +base +barnyard2 +apache2.4+php

After i install barnyard. i test it . then i got this

database mysql_error: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2 "No such file or directory")

this error is not for windows. it is in linux is it?

now i do not know how to deal with it.

hope someone can help me

403 error when connectiing to security console

Tue, 25 Apr 2017 09:57:32 +0000

I completed every installation procedure successfully. However, when I try to connect to "http://winids" , I get a 403 error: The web page declined to show this webpage.

Is there a permission error that I need to correct? Or what setting did I fail to modify correctly.

Thanks,

Greg

Barnyard2 only showing local traffic and broadcasts.

Fri, 19 Aug 2016 08:36:42 +0000

WinIs is now up and working fine. No system errors or problems.

Nice system!

But it seems that i don't see any packet from other computers.

What can be wrong?

I see traffic to/ from the WinIds PC and some broadcasts but nothing else.

The WInPCap is supposed to handle this. Is there any further config that needs to be done?

I have 2 PCs connected to a small switch, wich in turn is connected to the corp network.

I can see no traffic to the other PC.

Api-ms-win-crt-runtime-I1-1-0.dll is missing

Fri, 12 Aug 2016 11:43:54 +0000

I have Reach this point in the tutorial and everything has tested fine so far.

Adding Apache2 to the Windows Services Database

When running command: d:\winids\apache24\bin\httpd.exe -k install

I get the: api-ms-win-crt-runtime-I1-1-0.dll is missing on the computer..... error.

Command stops executing.

I read another post With similar problems.

Uninstalled vcredist-2015_x64.exe and reinstalled.

Ran the modder.vbs script. (It does not take several minutes. Less than one I Guess.)

When reinnstalling vcredist-2015_x64.exe the above mentioned error shows up at the end.

Here is an except from the install log.

[13C8:13CC][2016-08-12T13:29:40]i325: Registering dependency: {3ee5e5bb-b7cc-4556-8861-a00a82977d6c} on package provider: Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14, package: vcRuntimeAdditional_x64
[13C8:13CC][2016-08-12T13:29:40]i301: Applying execute package: Windows81_x64, action: Install, path: C:\ProgramData\Package Cache\3ACBF3890FC9C8A6F3D2155ECF106028E5F55164\packages\Patch\x64\Windows8.1-KB2999226-x64.msu, arguments: '"C:\Windows\SysNative\wusa.exe" "C:\ProgramData\Package Cache\3ACBF3890FC9C8A6F3D2155ECF106028E5F55164\packages\Patch\x64\Windows8.1-KB2999226-x64.msu" /quiet /norestart'
[13C8:13CC][2016-08-12T13:29:40]e000: Error 0x80240017: Failed to execute MSU package.
[13E0:13E4][2016-08-12T13:29:40]e000: Error 0x80240017: Failed to configure per-machine MSU package.
[13E0:13E4][2016-08-12T13:29:40]i319: Applied execute package: Windows81_x64, result: 0x80240017, restart: None
[13E0:13E4][2016-08-12T13:29:40]e000: Error 0x80240017: Failed to execute MSU package.
[13C8:13CC][2016-08-12T13:29:40]i372: Session end, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}, resume: ARP, restart: None, disable resume: No
[13C8:13CC][2016-08-12T13:29:40]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}, resume: ARP, restart initiated: No, disable resume: No
[13E0:13E4][2016-08-12T13:29:41]i399: Apply complete, result: 0x80240017, restart: None, ba requested restart: No

Best regards

Bigjoe

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory

Fri, 27 May 2016 14:27:16 +0000

Hello,

I am following the Installing an IIS Web Server Logging events to a mysql database and I am receiving the following error when testing my conf file:

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.

Fatal Error, Quitting..

My snort configuration file is configured as such

preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log }

any help would be greatly appreciated!

Thanks!

BASE bottom not updating

Mon, 19 Oct 2015 15:11:50 +0000

everything is working fine except the bottom of the front base screen where we select the issues:

any Ideas?

Base Will Not Update

Mon, 15 Sep 2014 23:28:53 +0000

Okay, this is the second time I've run into this. I had the exact same results when I did the install using IIS and MySQL.

I built by following line-for-line the posted instructions.
Barnyard, snort winsql checks were all successful.
Base starts up properly.
Base shows ONLY updates from the first day it was running

The base home page (and any other pages I open) shows the red 'events updated' message periodically in the upper part of the page. I get nothing, however, when I click on the menu items for Today's events or date limited searches. I'm guessing it has something to do with base configuration, but I don't know what it might be.

Any ideas are welcome, I'd be more than happy to try anything you can suggest.

Flonk

modder.vbs Win 8.1 enterprise

Fri, 01 Aug 2014 11:33:32 +0000

Cant get past: "Detecting Product Name" when running Modder.vbs

------------------------------------------------------------------------------------------------------------------

The OS Product Name is Windows 8.1 Enterprise, and is not supported!

Supported Product Names: Windows XP SP3 / 7 SP1 / 8.x, Server 2003 SP2 / 2008
SP2, 2012 R2

------------------------------------------------------------------------------------------------------------------

Right now i am rewriting modder.vbs

Open Source TG Download Link Broken

Mon, 28 Jul 2014 17:01:42 +0000

Just FYI the link to download for the "Rules Documentation (opensource.tgz)" link is broken. It looks like the snort.org site moved it to this link

https://www.snort.org/downloads/community/opensource.tar.gzf

So just FYI on that. I got the file with no problem.

MSVCR110.dll missing during apache2 config

Tue, 22 Jul 2014 13:08:55 +0000

Dear team

after running following command to configure apache

d:\winids\apache24\bin\httpd.exe -k install

i get the error -

"Program can't start because MSVCR110.dll is missing from your system , Try reinstalling the program to fix this problem"

I tried reinstallingthe MS Visual C ++ redistributable - no improvement

kindly advise

thanks

dominic

DAQ ERROR on win7 32 bit ent

Sat, 19 Jul 2014 06:12:38 +0000

when i run this command,

d:winidssnortbinsnort -c d:winidssnortetcsnort.conf -l d:winidssnortlog –i1 -T

i get the following error

[ Number of patterns truncated to 20 bytes: 307 ]

pcap DAQ configured to passive.

The DAQ version does not support reload.

Acquiring network traffic from "DeviceNPF_{269A6487-19E1-42B4-A2B2-8A4494B3D49

6}".

ERROR: Can't set DAQ BPF filter to 'ûi1 -T' (ê¶O)!

Fatal Error, Quitting..

do we need to install DAQ? we have not missed any step in the tutorial.

thanks

Apache2 service error "service specific error occured:1 get help NET HELPMSG 3547"

Tue, 15 Jul 2014 08:16:12 +0000

Dear Morpheus,

i now have an issue with the apache service .

I made all the changes as recommended in the d:winidsapache24confhttpd.conf file and

ran the

d:/winidsapache24binhttp.exe -k

to add the apache 2 to the windows services database - this went through successfully - it first compained of a syntax error in httpd.conf which

was rectified and after the corection it installed the apache service

However when i give the command

net start apache2.4

i get an error "service specific error occured:1 get help NET HELPMSG 3547"

that in turn points to refer to the service document

Kindly please advise

sincere thanks

dominic

notepad2 and opensource.gz

Sun, 13 Jul 2014 20:14:18 +0000

hi ,

Very nice document , it is indeed exhaustive and I appreciate the effort and initiative put in by Michael.

few small issues I faced so far.

somehow the notpad2 did not get loaded

I downloaded and installed notepad++ it works fine

secondly the file available on snort.org is opensource.tgz , while the document refers to opensource.gz , I believe they are both the same

3rd - I am installing on a windows 2003 server - the modder.vbs script installs .NET 4 extended however when I tried to run tartools it failed complaining about the .NET environment , I had to go to enable windows features and then enable .NET after which the error went away.