Welcome to the home of WinIDS - Windows Intrusion Detection System!
Hith
Post subject: No BASE logging  Posted: Jan 19, 2007 - 01:39 PM



Greetings!

I just installed Snort and BASE using the newest AIO package. I used this guide:

http://www.winsnort.com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=2&page=1

When I go to http://winids/base I see no statistics being recorded. I tested out snort with this command:

D:\win-ids\snort\bin>snort -c d:\win-ids\snort\etc\snort.conf -l d:\win-ids\snort\log -i2 -T

Unfortunately, it gave me zero errors (which leaves me with my hands in the air). I am kinda lost at this point.

Any pointers? Questions?

Thanks so much in advance,

-Hith
 
Morpheus (Site Admin)
Post subject: RE: No BASE logging  Posted: Jan 19, 2007 - 08:09 PM


Check this post out:
http://www.winsnort.com/index.php?name=PNphpBB2&file=viewtopic&t=747

_________________
Best regards,
Morpheus...

WINSNORT.com Management
 
Hith
Posted: Jan 20, 2007 - 06:06 AM



Son of a gun, I'm sorry I wasted your time.

I'm sure I'll be back later, with plenty of n00b-type questions. I think, in the snort.conf file, the "\" symbol at the end of a line is a sort of "no halt on errors" thing.

I was adding that to every line of the config that was giving me problems.

By the way, a great tool to edit these config files is a tool called TextPad. You can view line numbers, which makes it very easy to see exactly where the config file is causing problems.

Of course, if you're an experimenting fool, like myself, you'll find yourself in deep trouble, and need to start from scratch.

Until later today (I'm sure of it).

-Cheers!
 
Morpheus (Site Admin)
Posted: Jan 20, 2007 - 06:17 AM


That's a UNIX descriptor telling the script to process the next line. Snort will handle these. You could actually remove all the backslashes, but you would need to move the next line up.

Example:

This is a test on /
snort.

If the backslash was removed, the line would need to be:

This is a test on snort.

_________________
Best regards,
Morpheus...

WINSNORT.com Management
 
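
A check for the situation discussed in the posts above, as an added example that is not part of the original thread or the WinIDS package: it joins backslash-continued lines the way Snort reads them and flags any continuation line that starts like a new snort.conf statement, which is what a stray trailing backslash produces. The sample config and the keyword subset are constructed for illustration.

```python
import re

# Keywords that normally begin a new snort.conf statement. Illustrative
# subset picked for this example, not an exhaustive list.
DIRECTIVES = ("var", "config", "preprocessor", "output", "include", "alert")
NEW_STATEMENT = re.compile(r"(%s)\s" % "|".join(DIRECTIVES))

# Constructed sample (not from the thread): the backslash added after the
# "var" line makes the "output database" line part of the var statement.
SAMPLE_CONF = r"""# constructed snort.conf fragment
preprocessor sfportscan: proto { all } \
    memcap { 10000000 } \
    sense_level { low }
var RULE_PATH d:\win-ids\snort\rules \
output database: log, mysql, user=snort dbname=snort host=localhost
include $RULE_PATH/local.rules
"""

def logical_lines(text):
    """Group physical lines into logical ones; each is [(line_no, fragment), ...]."""
    groups, parts = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        continued = line.endswith("\\")
        parts.append((no, line[:-1].strip() if continued else line.strip()))
        if not continued:
            groups.append(parts)
            parts = []
    if parts:  # file ended on a dangling backslash
        groups.append(parts)
    return groups

def suspicious_continuations(text):
    """Return (line_no, keyword) for continuation lines that start like a new statement."""
    hits = []
    for parts in logical_lines(text):
        for no, fragment in parts[1:]:
            m = NEW_STATEMENT.match(fragment)
            if m:
                hits.append((no, m.group(1)))
    return hits

if __name__ == "__main__":
    for parts in logical_lines(SAMPLE_CONF):
        print(parts[0][0], " ".join(f for _, f in parts))
    for no, kw in suspicious_continuations(SAMPLE_CONF):
        print("line %d: '%s' is swallowed by the backslash on the line above" % (no, kw))
```

A clean `-T` run does not rule this out: the merged line can still parse while the `output` statement it swallowed never takes effect.
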
justin0469
Posted: Aug 26, 2007 - 09:43 AM



I was having the same issue. I went to the link Morpheus provided and the test rules showed alerts on BASE. So I am assuming that means all is good, just there are no alerts to show using the normal rules?
 
All times are GMT -5 Hours