scowles

Members
 View profile  See their activity

  • Content count

    19

  • Joined

  • Last visited

Community Reputation

0 Neutral

See reputation activity

About scowles

  • Rank
    Member

Recent Profile Visitors

3,389 profile views
  1. I have completed installing and configuring for PulledPork. Now I see all of these SO_RULES in the snort.conf file. They are all commented out. I am not catching any events. I see no other rules in snort.conf other than SO_RULEs. Are there supposed to be regular rules there? If yes, how do I get them there? I have started to read- SO_Rules are not compatible with Windows.
  2. Yes, I have rebooted many times. Results of the requested command run are attached. Thanks.
  3. Missing Results attached
  4. Here's the result of my going back and executing the instructions more carefully-
  5. Morpheus, Thanks. Good recommendation but I think the registry might be where the issue is?
  6. I got all the way through the How to Install This Windows Intrusion Detection System (WinIDS) tutorial and was getting thousands of alerts. But, I always had to manually start snort from the command line. Barnyard 2 always started automatically.
  7. Using the commands in the tutorial to install snort as a service this is the path I end up with. Is it correct? The service won't start and results in- "Windows could not start the Snort service on Local Computer" "Path to executable:" "d:\winids\Snort\bin\snort /SERVICE"
  8. The configuration of Pulled Pork installation is verified. Now testing update of rules and signatures using Pulledpork. The attachment shows the error that results from the test. I have gone to the referenced line numbers shown in the error message but have not been able to determine a resolution. Please advise.
  9. Is there some type of message to acknowledge that the command has completed? perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T The first time I've run it, seems to be stuck at "Prepping rules from opensource.gz for work...." for hours now.
  10. Update: I've successfully completed the Barnyard2 testing with a good result. Thanks.
  11. This has NOT been resolved by correcting configuration errors. Barnyard2 fails with "ERROR: database connection to database 'snort' failed Barnyard2 exiting database: Closing connection to database "snort" Postresql Error Msg.docx
  12. Good thought. However, I took your advice and did DROP DATABASE snort successfully and then created it again. Same result- The Barnyard2 configuration test fails with the following result- ERROR: database Connection to database 'snort' failed Fatal Error, exiting database: Closing connection to database "snort" Note also: I can connect to the snort database as user postgres via '\connect snort;' Any further suggestions for resolving would be appreciated.
  13. After checking and double-checking the Barnyard2.conf file which is including the line 'output database: log, postgresql, user=snort password=l0gg3r dbname=snort host=winids sensor_name=WinIDS-Home' The Barnyard2 configuration test fails with the following result- ERROR: database Connection to database 'snort' failed Fatal Error, exiting database: Closing connection to database "snort" Any suggestions for resolving would be appreciated.
  14. One more command under the install tutorial heading of "Creating the Windows Intrusion Detection System Database Tables " \i d:/temp/snort_user.sql; the result is WARNING: sequence "reference_ref_id_seq" only supports USAGE, SELECT, and UPDATE privileges but after that I get GRANT Is that the expected result?
  15. Thank you. Reversing the slashes as you suggested and keeping the semi-colon worked...so far