Everything posted by Morpheus
-
Morpheus replied to pikkles1981's topic in Manually Installing an Apache2 Web Server logging events to a PostgreSQL Database
Try this one. barnyard2.conf -
Morpheus replied to pikkles1981's topic in Manually Installing an Apache2 Web Server logging events to a PostgreSQL Database
Attach your barnyard2.conf file. -
Morpheus replied to xZura's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
In line 105 of your base_conf.php change:
$$alert_user = 'base';
to
$alert_user = 'base';
In line 434 of your base_conf.php change:
$priority_colors = array('000000','FF0000','FF9900','FFFF00','999999');
to
$priority_colors = array ('000000','FF0000','FF9900','FFFF00','999999');
-
Morpheus replied to bobsana666's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
The Windows Intrusion Detection System is probably plugged into a SWITCH. The Windows Intrusion Detection System needs to be plugged into a HUB with all the other PCs on the network, or if the Windows Intrusion Detection System is plugged into a SWITCH, all the ports for the PCs to be monitored MUST be mirrored to the port the Windows Intrusion Detection System is plugged into. You could do this -
Morpheus replied to mattsweet's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
You should have checked and verified the tables per the tutorial. The error states there is a problem with the archive database. Below is how to check the existence of the tables in the archive database. If the tables are missing then you might need to reinstall, and make sure that no steps are missed.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Operator>mysql -u root -pd1ngd0ng
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.18-log MySQL Community Server (GPL)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> connect archive;
Connection id: 8
Current database: archive

mysql> show tables;
+-------------------+
| Tables_in_archive |
+-------------------+
| acid_ag           |
| acid_ag_alert     |
| acid_event        |
| acid_ip_cache     |
| base_roles        |
| base_users        |
| data              |
| detail            |
| encoding          |
| event             |
| icmphdr           |
| iphdr             |
| opt               |
| reference         |
| reference_system  |
| schema            |
| sensor            |
| sig_class         |
| sig_reference     |
| signature         |
| tcphdr            |
| udphdr            |
+-------------------+
22 rows in set (0.00 sec)

mysql>
-
Morpheus replied to bogdan50's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
Remember: The Windows Intrusion Detection Systems security console (BASE) will never work with PHP-7. Do not perform a function if it's not detailed in the tutorial. The portscan.log will be created when it is needed. -
Morpheus replied to bogdan50's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
Only use the versions that are detailed in the tutorial. There MIGHT be a failure by using newer/older versions. If you are using PHP 7.x then the BASE console will not work, and PHP is only installed for that one program. Note: It is possible to run multiple versions of PHP at the same time. -
Morpheus replied to bogdan50's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
I have no idea what you are doing but you are working on a non-standard (not following tutorial) install and it is really hard to diagnose problems. Note: PHP that is supported in the tutorial has extension=php_mysql as an option. There are a couple of solutions: Perform a complete reinstall and follow the tutorial. I am available for one-on-one support, and I guarantee to get it 100%. However, there is a $250 US fee and I would need remote access to the PC. Everything will be installed on one device, and the OS has to be one that is officially supported, and memory has to be a minimum of 3 gigs for non-server and 6 gigs for server. -
Morpheus replied to Tim Lin's topic in Manually Installing an IIS Web Server logging events to a PostgreSQL Database
This has been fixed in the current version. To fix this:
Open a CMD window and type 'cd /d d:\winids\php' (less the outside quotes), and tap the 'Enter' key.
At the CMD prompt type 'pear install mail mail_mime' (less the outside quotes), and tap the 'Enter' key.
Close the CMD window and try it again.
-
Morpheus replied to airblainer's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
You have a non-standard path assigned. I'm betting you failed to edit one of the .reg files to match your path. -
Sorry for the delay. There is no event mechanism set up for auto-updating the rules using Pulledpork. This has to be completed manually unless you create something to auto-update. Remember: there need to be faults checked throughout the complete update process because if one error occurs the Windows Intrusion Detection will shut down without notice. A script would need to be very detailed and faults would need to be handled properly.
-
Morpheus replied to a5098726s's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
Perform a fresh install of Windows 10, and then use this tutorial to install the Windows Intrusion Detection System per the support programs you requested. -
Morpheus replied to Artimus's topic in Manually Installing an IIS Web Server logging events to a PostgreSQL Database
Make a copy of your barnyard2 folder, and then dissolve the attached by2.zip into the barnyard2 folder and overwrite everything. Then try the test again. Your original barnyard2.conf will not be overwritten. by2.zip -
Morpheus replied to hpayaresbecerra's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
I just tried on a new install of Windows 7 and there is no problem. I'm not sure what your problem could be, but make sure you are running the modder.vbs from a command window with administrator privileges. You might be able to right click the modder.vbs and Run as Administrator. You might mod the modder.vbs file to bypass the check. -
Morpheus replied to hpayaresbecerra's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
Using Regedit, go to this key. What is the value in the Data column for CurrentVersion? HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ -
Morpheus replied to hpayaresbecerra's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
Did you run the modder.vbs file? When you type hostname from a CMD prompt what do you get? -
Morpheus replied to gchinn's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
It might be easier to just start over. You can fix it but it would require reinstalling MySQL from scratch, fixing the password authentication in BASE and Barnyard2 to sync with the MySQL database.
Uninstall MySQL
Delete the MySQL folder
Do Section: Installing the MySQL Database Server
Do Section: Configuring the MySQL Database Server
Do Section: Creating the Windows Intrusion Detection System Databases
Do Section: Creating the Windows Intrusion Detection System Database Tables
Do Section: Creating the Windows Intrusion Detection System Database Access, and Authenticated Users
Do Section: Confirming MySQL and Snort are operational
Do Section: Configuring the Windows Intrusion Detection Systems (WinIDS) Security Console
Do Section: Configuring Barnyard2
Do Section: Testing the Barnyard2 configuration file
Reboot
Do Section: Verifying Barnyard2, and Snort is running as a process after rebooting
Do Section: Starting the Windows Intrusion Detection Systems (WinIDS) Security Console
That should do it?
-
Morpheus replied to gchinn's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
Did you run the modder.vbs file? The httpd.conf file looks good. Drop the test.php into the d:\winids\apache24\htdocs\base\ folder. Now open a browser and in the URL dialog box type http://winids/test.php Does all the PHP information display? -
Morpheus replied to gchinn's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
Attach your httpd.conf file. -
Morpheus replied to hpayaresbecerra's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
Go back to the section and configure again: Configuring IIS for PHP, and the Windows Intrusion Detection Systems security console -
Morpheus replied to nemoudeis's topic in Manually Installing an IIS Web Server logging events to a PostgreSQL Database
Found a couple of errors, try the attached. php.ini -
Morpheus replied to nemoudeis's topic in Manually Installing an IIS Web Server logging events to a PostgreSQL Database
Go back to the section Configuring IIS for PHP, and the Windows Intrusion Detection Systems security console and verify all the settings, and if all is good then attach the php.ini file. -
Morpheus replied to jrivett's topic in Manually Installing a slave client logging events to a remote MySQL Database
#1:
Original Line(s): var SO_RULE_PATH ../so_rules
Change to: # var SO_RULE_PATH ../so_rules
Yes, there is a change, as indicated above.
#2:
Original Line(s): dynamicdetection directory /usr/local/lib/snort_dynamicrules
Change to: # dynamicdetection directory /usr/local/lib/snort_dynamicrules
Yes, there is a change, as indicated above.
Follow the tutorial, and don't make any changes. If you have to make changes there is something wrong.
-
Morpheus replied to jrivett's topic in Manually Installing a slave client logging events to a remote MySQL Database
That is correct. Those two files are used by the Reputation preprocessor. Both files need to exist or there will be a fatal error. -
Morpheus replied to jrivett's topic in Manually Installing a slave client logging events to a remote MySQL Database
Look on Snort.org in the documentation section. There is usually a collection of different installs.
