
  1. Morpheus,

     Tried the test data steps. Nothing responds. I can get Snort to spit out a stream of data if I run 'snort -i2' (i.e. x = 2). I get only two IDs of 1 and 2. The "x=1" does not give a data stream in snort. Don't know if this is relevant. Still puzzled on how to proceed. Any more suggestions?

     Richartes

     PS: Should 'include $RULE_PATHtest.rules' listed in your instructions be changed to 'include $RULE_PATH/test.rules'?
  2. Morpheus,

     Yes, I completed Testing IIS, and the PHP installation again. The PHP summary displays and reads as instructed. Still same problems with barnyard2 waiting for data and http://winids going to ERROR page. ???

     Thanks again,
     Richartes
  3. Morpheus,

     More progress. I completed the two sections you suggested. Now http://winids goes to a page listing error 403.14 (see below). When I repeated the two sections, I noticed that initially I left the "base" directory off the "physical path" - so correcting that probably partially solved the problem. Please let me know what to try next.

     I also am having problems with Barnyard2. When I first got it to run in the box, it was listing a flow of info. Now it just sits there saying "Waiting for new data" (for hours), even when I reboot. ??? I can start and shrink Barnyard2 now as you suggest.

     Thanks for your help and patience!!
     Richartes

         HTTP Error 403.14 - Forbidden
         The Web server is configured to not list the contents of this directory.

         Most likely causes:
         A default document is not configured for the requested URL, and directory browsing is not enabled on the server.

         Things you can try:
         If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.
         Enable directory browsing using IIS Manager.
         Open IIS Manager.
         In the Features view, double-click Directory Browsing.
         On the Directory Browsing page, in the Actions pane, click Enable.
         Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.

         Detailed Error Information:
         Module DirectoryListingModule
         Notification ExecuteRequestHandler
         Handler StaticFile
         Error Code 0x00000000
         Requested URL http://winids:80/
         Physical Path d:\winids\inetpub\wwwroot\base
         Logon Method Anonymous
         Logon User Anonymous
  4. Morpheus,

     Great! I found the error was in installing PostgreSQL (initially it ran out of disk space and I ignored it). Now everything works fine (lots of files fly through the barnyard2 box). However, when I try to get to the Console at http://winids, I get to a MS welcome screen for Internet Information Services. I tried going through the Configuring IIS for the Windows Intrusion Detection Security Console installation section again but got the same result. ???

     Also after I closed the Barnyard2 box it disappeared from the task bar - where do I open it again? I tried clicking on barnyard2.exe in the winids/barnyard2 folder and the box flashes on and then disappears. Says I need to tell it something to do?

     Thanks Again!!
     Richartes
  5. Morpheus,

     Thanks for the advice. Exactly where is the database file in winids? I want to delete the database and reinstall. Where do I start over to reinstall the database? After reinstalling the database I will go back and try redoing Configuring the PostgreSQL Database Server. Sorry for the naive questions!

     Thanks again!!,
     Richartes
  6. Barnyard2 test fails after making changes to barnyard2.conf given in instructions:

         ERROR database:postgresql_error: ERROR: relations "schema" does not exist LINE 1: SELECT vseq FROM schema
         ERROR database: executing Select() with Query [SELECT vseq FROM schema]
         ERROR: database problems with schema version, bailing...
         Fatal Error,Quitting barnyard2 exiting
         ERROR database: database: postgresql_error: ERROR: relations "sensor" does not exist LINE 1: UPDATE sensor SET last_cid = 4294967295 WHERE sid = 0;
         database: closing connection to database "snort"