Mohamadou, Posted September 2, 2014
Hello everyone, I'm new to the Winsnort forum. I have installed Winsnort on Windows Server 2008, and I use IIS 7. I need help installing the BASE Image_Color package: when I try to download it, the web site returns an error. Also, the BASE files are too old for PHP5; I have tried to revise them but I could not. Please can you give me recent BASE files that work with PHP5, and explain how to manually install the Image_Color package for use with BASE? Thanks. PS: Sorry, I don't write and speak English very well.
Mohamadou (Author), Posted September 3, 2014
Thanks Morpheus for your reply. I have installed the PEAR package Image. Now my problem is the BASE files (they are old). Should I download the old php(2) to run BASE normally?
Morpheus, Posted September 3, 2014
The tutorial works as is. All the latest files are referenced for installation in the Tutorials, and only use those files as they have been tested. Not sure exactly what you mean by running BASE normally. I had no idea the tutorials were running BASE abnormally.
Mohamadou (Author), Posted September 3, 2014
When I open the BASE interface I get some PHP errors. There are many functions that do not exist any more in PHP5, like ereg_replace(), which is replaced with preg_replace(). So when I change this I get another error on the regex: preg_replace() compilation failed: unmatched parentheses offset. I have verified the regex but I don't find the error.
Morpheus, Posted September 3, 2014
BASE runs fine on PHP5 when there is a fresh install of any of the supported Windows operating systems, and the tutorial is followed exactly as instructed. There could be problems installing the Windows Intrusion Detection System on an existing supported, or unsupported, Windows operating system. Make SURE configuring PHP is followed exactly as outlined in the tutorial.
Mohamadou (Author), Posted September 3, 2014
OK, I will try installing it again from the beginning.
Mohamadou (Author), Posted September 5, 2014
Hello, I followed the tutorial step by step. Now the BASE interface does not return any traffic. I tried a ping from another machine on the network, but nothing. http://hpics.li/9154272
Mohamadou (Author), Posted September 6, 2014
I think the problem is barnyard2: it cannot connect to MySQL. When I installed it I ran auto-local-barnyard2.reg without problem. Now, after a reboot, when I initialize barnyard manually with by2test.bat, I have the following error: http://hpics.li/6803e65
For the connection with the database in barnyard2.conf I use:
output database: log, mysql, user =snort password =l1gg3r dbname =snort host = WIN-BDXXP8P8FSY sensor_name = WinIDS-Home
Morpheus, Posted September 9, 2014
Attach the snort.conf, barnyard2.conf, php.ini, and the base.conf.php. If you are unable to post them individually as attachments, then place them into a zip file and attach it. I am unable to work with configuration files posted as raw text.
Mohamadou (Author), Posted September 9, 2014
Hello, my last problem: merged.log.****** is always empty... winsort.zip
Mohamadou (Author), Posted September 12, 2014
Now it works!!! http://hpics.li/a597d2d
Now I want to use it in this architecture: install Snort and BASE on Windows Server 2008 and use Windows 7 and Debian as clients, in VirtualBox. Now all clients can reach the server, and the server can reach them too: I use an internal connection and a NAT connection in the VirtualBox network. But when I launch Snort and do a ping or open any web site, there is no ICMP traffic or TCP traffic on the internal and NAT connections.
Mohamadou (Author), Posted September 25, 2014
Hello everyone, Snort can't detect port scans... I use nmap to scan.
Morpheus, Posted September 26, 2014
> Hello everyone, Snort can't detect port scans... I use nmap to scan.
Did you try this: Link
Mohamadou (Author), Posted September 26, 2014
Yes, it does not work... DoS doesn't work either. Snort detects the DoS as a simple ICMP; in the signature it shows: icmp event. My DoS.bat:
@echo off
for /l %%v in (0, 1,25) do start ping 192.168.70.100 /w 1 /t /l 65500
thang_dl, Posted November 19, 2014
> Hello, I followed the tutorial step by step. Now the BASE interface does not return any traffic. I tried a ping from another machine on the network, but nothing. http://hpics.li/9154272
Can you give me instructions to help me correct this error? PS: I'm sorry, I don't write English very well.
Morpheus, Posted November 20, 2014
Are you able to ping locally (127.0.0.1)? Unable to detect ping could be firewall, or router issues?
thang_dl, Posted November 20, 2014
> Are you able to ping locally (127.0.0.1)? Unable to detect ping could be firewall, or router issues?
The firewall is turned off. Can you help me with the configuration files? winIDS.zip
Morpheus, Posted November 20, 2014
> The firewall is turned off. Can you help me with the configuration files?
I found a few quirks but nothing major. Swap the files in the attached .zip with your existing files. winIDS.zip
thang_dl, Posted November 21, 2014
> I found a few quirks but nothing major. Swap the files in the attached .zip with your existing files.
Thanks admin, but I don't run Snort on Windows XP. I got the error shown in the picture. Can you help me fix it?
Morpheus, Posted November 21, 2014
> Thanks admin, but I don't run Snort on Windows XP. I got the error shown in the picture. Can you help me fix it?
I'm not sure what Windows XP has to do with this problem? It appears by the screen shot that NO traffic is being detected. This could be a MULTITUDE of problems.
1) NIC drivers, or compatibility
2) Not specifying the correct NIC in the run line
3) Connected to an unmanaged switch (needs to see ALL traffic).
4) Snort not configured correctly for HOME_NET
thang_dl, Posted November 23, 2014
I checked and got the following error:
---------------------------------------------------------
C:>d:winidsactivatorsby2-test
C:>d:winidsbarnyard2barnyard2.exe -c d:winids barnyard2etcbarnyard2.conf -d d:winidssnortlog -f merged.log -l d:winids barnyard2 -w d:winidssnortlogbarnyard.waldo -T
Running in Test mode
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "d:winidsbarnyard2etcbarnyard2.conf"
+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+
WARNING: invalid Reference spec 'url,'. Ignored
WARNING: invalid Reference spec 'url,'. Ignored
Barnyard2 spooler: Event cache size set to [32768]
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second
database mysql_error: Can't connect to local MySQL server through socket '/tmp/m
ysql.sock' (2)
Barnyard2 exiting
database: Closing connection to database "snort"
---------------------------------------------------------
Can you help me?
Morpheus, Posted November 24, 2014
Is MySQL running as a service? Can you log in to the MySQL server from the command prompt? Open a command window and type 'mysql -u snort -pl0gg3r' (less the outside quotes), and tap the Enter key. Type exactly as shown above. You should be dropped into a mysql CMD prompt. Were you able to log into the MySQL server?
thang_dl, Posted November 24, 2014
I can log in to MySQL and check the databases:
# mysql -u snort -p
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| archive            |
| mysql              |
| performance_schema |
| snort              |
| test               |
+--------------------+