linda.carter

I finally got the whole tutorial on winsnort w/mysql done and thought it was correct, as all of my tests passed, but now that I've started through the manual, and am trying out sniffer mode, I am getting traffic, but with an error. WARNING: No preprocessors configured for policy 0. I went back through the snort.config file and I think it's correct. Is this usual? Thanks, linda

I followed the directions, and it starts as a service. I have also tried the various switches like snort -v -i1. That is where I see them. On a good note, I got everything so that is looks like it is working, and I got Pulled Pork installed. I'm just not sure now how to trap what I really want to see. Working through the manual... I reread your earlier post, and tried this: d:\winids\snort\bin>snort -v -c d:\winids\snort\etc\snort.conf -i1 and got a string of stuff, but a fatal error, quitting. ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory. In my snort.conf there is this line: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log } . It is the only line with \portscan.

I just started this install and downloaded the correct files from the tutorial, but I can't unzip the winids-cssp-x64.zip file as the winsn03t.c0m password fails. Did it change?

Ugh! Don't know why I didn't see that before. Sneaky 1. All is good. Thanks for your patience.

I got the file from the 64-bit windows all link, which has that password underneath, plus when you click the icon, takes you to the actual download page that also has that password. This gets me the winids-cssp-x64.zip file, and on that page it has that password. Am I doing something out of order? I can usually follow directions pretty well. Where should I "look again"?