jrivett
jrivett replied to jrivett's topic in Manually Installing a slave client logging events to a remote MySQL Database
Oops. I didn't notice that the new lines were commented out. It's kind of hard to see, with the way the text is formatted. Thanks.
jrivett replied to jrivett's topic in Manually Installing a slave client logging events to a remote MySQL Database
Okay, thanks for clearing that up.
jrivett posted a topic in Manually Installing a slave client logging events to a remote MySQL Database
There are a couple of path adjustments in the procedure that seem to be not quite correct.

#1:
Original Line(s): var SO_RULE_PATH ../so_rules
Change to: # var SO_RULE_PATH ../so_rules
This is not actually a change, since the two lines are identical. Presumably it's supposed to be 'd:\winids\Snort\so_rules'. Is that right?

#2:
Original Line(s): dynamicdetection directory /usr/local/lib/snort_dynamicrules
Change to: # dynamicdetection directory /usr/local/lib/snort_dynamicrules
This is not actually a change, since the two lines are identical. And when I run the Snort test, I get this fatal error:
'ERROR: f:\winids\snort\etc\snort.conf(258) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory.'
I was going to change the path to 'f:\winids\snort\lib\snort_dynamicrules', but that directory doesn't exist. Any ideas?
jrivett started following Path issues
jrivett posted a topic in Manually Installing a slave client logging events to a remote MySQL Database
I'm at this step: 'Configuring Snort, the Heart of the Windows Intrusion Detection System (WinIDS)'. At this point there are two commands, the point of which seems to be to clear the blacklist and whitelist files that are included with Snort. Here's the first one:
'type NUL > d:\winids\snort\rules\black_list.rules'
This actually creates a *new* file called 'black_list.rules', with no content (size zero). I think perhaps the intention was to clear the contents of the existing file, which is actually named 'blacklist.rules'. I don't see 'white_list.rules' or 'whitelist.rules', so the other command just creates an empty 'white_list.rules'.
jrivett started following Wrong file names?
jrivett replied to jrivett's topic in Manually Installing a slave client logging events to a remote MySQL Database
That's the conclusion I came to as well, but I looked around in the tutorials and didn't see one that looked right. In my case, the Master will be on a 64-bit Linux server. Can you perhaps point me to the appropriate tutorial?
jrivett started following Portqry missing from Winids downloads
jrivett posted a topic in Manually Installing a slave client logging events to a remote MySQL Database
I'm working through this tutorial and have hit a bit of a roadblock. Starting at 'Prepping the Windows Intrusion Detection System (WinIDS) Master Sensor', there seems to be an assumption that I already have MySQL installed, and that there's already a database called 'snort'. But I can't find anything in the tutorial about installing MySQL or creating that database or its tables. I checked the various scripts in the WinIDS package (winids-cssp-x64.zip), and didn't find anything there either. What am I missing?
