Mohamadou

Failed to install completely Winsnort and Base

35 posts in this topic

Hello everyone, I'm new to the Winsnort forum. I have installed Winsnort on Windows Server 2008, and I use IIS 7. I need help installing the BASE Image_Color package: when I try to download it, the web site returns an error. Also, the BASE files are old for PHP5; I have tried to revise them but I could not. Please can you give me recent BASE files that work with PHP5, and explain to me how to manually install the Image_Color package for use with BASE? Thanks.

PS: Sorry, I don't write or speak English very well.

Thanks, Morpheus, for your reply. I have installed the PEAR package Image. Now my problem is the BASE files (they are old). Should I download the old PHP (2) to run BASE normally?

The tutorial works as is. All the latest files are referenced for installation in the tutorials, and only use those files as they have been tested.

Not sure exactly what you mean by running BASE normally. I had no idea the tutorials were running BASE abnormally.

When I open the BASE interface I get some PHP errors: there are many functions that no longer exist in PHP5, like ereg_replace(), which is replaced with preg_replace(). So when I change this I get another error on the regex: preg_replace() compilation failed: unmatched parentheses at offset. I have verified the regex but I can't find the error.

BASE runs fine on PHP5 when there is a fresh install of any of the supported Windows operating systems, and the tutorial is followed exactly as instructed.

There could be problems installing the Windows Intrusion Detection System on an existing supported, or unsupported Windows operating system.

Make SURE configuring PHP is followed exactly as outlined in the tutorial.

I think the problem is barnyard2: it cannot connect to MySQL. When I installed it I ran auto-local-barnyard2.reg without problems; now, after a reboot, when I initialize barnyard manually with by2test.bat, I get the following error:

http://hpics.li/6803e65

For the connection with the database, in barnyard2.conf I use:
 output database: log,  mysql,  user =snort  password =l1gg3r  dbname =snort  host = WIN-BDXXP8P8FSY  sensor_name = WinIDS-Home

Attach the snort.conf, barnyard2.conf, php.ini, and the base.conf.php

If you are unable to post them individually as an attachment, then place them into a zip file and attach. I am unable to work with configuration files posted as raw text.

Now it works!!!

http://hpics.li/a597d2d

Now I want to use it in this architecture: install Snort and BASE on Windows Server 2008 and use Windows 7 and Debian as clients. In VirtualBox all the clients can now reach the server, and the server can reach them too: I use an internal connection and a NAT connection in the VirtualBox network. But when I launch Snort and do a ping or open any web site, there is no ICMP traffic or TCP traffic on either the internal or the NAT connection.

Yes, it does not work... DoS doesn't work either. Snort detects the DoS as a simple ICMP; in the signature it is marked: icmp event

My DoS.bat:
@echo off
for /l %%v in (0, 1,25) do start ping 192.168.70.100 /w 1 /t /l 65500

Hello, I followed the tutorial step by step; now the BASE interface does not return any traffic. I tried a ping from another machine on the network but nothing.

http://hpics.li/9154272

Can you give me instructions to help me correct this error?

PS: I'm sorry, I don't write English very well.

Are you able to ping locally (127.0.0.1)?

Unable to detect ping could be firewall, or router issues?

The firewall is turned off. Can you help me with the configuration files?

winIDS.zip

I found a few quirks but nothing major. Swap the files in the attached .zip with your existing files.

winIDS.zip

Thanks, admin, but I don't run Snort on Windows XP :(

I got the error shown in the picture. Can you help me fix it?

post-891-0-63626900-1416538456_thumb.png

I'm not sure what Windows XP has to do with this problem?

It appears by the screen shot that NO traffic is being detected. This could be a MULTITUDE of problems.

1) NIC drivers, or compatibility

2) Not specifying the correct NIC in the run line

3) Connected to an unmanaged switch (needs to see ALL traffic).

4) Snort not configured correctly for HOME_NET

I checked and got the following error:
---------------------------------------------------------
C:\>d:\winids\activators\by2-test
C:\>d:\winids\barnyard2\barnyard2.exe -c d:\winids\barnyard2\etc\barnyard2.conf -d d:\winids\snort\log -f merged.log -l d:\winids\barnyard2 -w d:\winids\snort\log\barnyard.waldo -T
Running in Test mode
        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "d:\winids\barnyard2\etc\barnyard2.conf"
+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+
WARNING: invalid Reference spec 'url,'. Ignored
WARNING: invalid Reference spec 'url,'. Ignored
Barnyard2 spooler: Event cache size set to [32768]
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second
database mysql_error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Barnyard2 exiting
database: Closing connection to database "snort"
---------------------------------------------------------
Can you help me?

Is MySQL running as a service?

Can you log in to the MySQL server from the command prompt?

Open a command window and type 'mysql -u snort -pl0gg3r' (less the outside quotes), and tap the Enter key.

Type exactly as shown above.

You should be dropped into a mysql CMD prompt.

Were you able to log into the MySQL server?

I can log in to MySQL and check the databases:

# mysql -u snort -p
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| archive            |
| mysql              |
| performance_schema |
| snort              |
| test               |
+--------------------+

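An added example, not part of the thread or of the WinIDS files: a pre-flight check for the "output database" line that barnyard2 reads from barnyard2.conf before it tries MySQL. It parses the line, flags a host that is absent or "localhost" (Unix-style builds of the MySQL client library then use a local socket file, as in the '/tmp/mysql.sock' error above, instead of TCP), and tests whether the host answers on MySQL's default port 3306. The function names, the sample line and the placeholder password are constructed for illustration.

```python
import re
import socket

# Constructed sample barnyard2.conf fragment; the password is a placeholder.
SAMPLE_CONF = """\
# output database: log, mysql, user=old password=old dbname=old host=old
output database: log, mysql, user=snort password=CHANGEME dbname=snort sensor_name=WinIDS-Home
"""

def parse_db_output(conf_text):
    """Return the key/value pairs of the first active 'output database' line, or None."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("output database:"):
            continue  # skips comments and unrelated directives
        args = line.split(":", 1)[1]
        # Tolerate spaces around '=' (the line quoted in the thread has them).
        params = dict(re.findall(r"(\w+)\s*=\s*(\S+)", args))
        head = [part.strip() for part in args.split(",")]
        params["_type"] = head[1] if len(head) > 2 else ""
        return params
    return None

def check_params(params):
    """List problems that would keep the sensor from reaching MySQL over TCP."""
    if params is None:
        return ["no active 'output database' line"]
    issues = [f"missing {k}" for k in ("user", "password", "dbname") if k not in params]
    if params.get("host", "").lower() in ("", "localhost"):
        # Unix-style MySQL client builds map an absent host or 'localhost'
        # to a local socket file rather than a TCP connection.
        issues.append("host unset or 'localhost': expect a local socket, not TCP")
    return issues

def tcp_reachable(host, port=3306, timeout=3.0):
    """True if a TCP connection to host:port succeeds (name resolution included)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    params = parse_db_output(SAMPLE_CONF)
    for issue in check_params(params):
        print("WARN:", issue)
    host = params.get("host", "127.0.0.1")
    print(host, "port 3306 reachable:", tcp_reachable(host))
```

If the parser reports a host and tcp_reachable() returns False for it, the fault is name resolution, a firewall or the MySQL listener rather than the credentials.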
