[Snortsam-discussion] MS ISA 2006 functionality

John Liss john at lissproductions.com
Sat Dec 12 15:11:28 EST 2009 

Hey Mark,

I'm having problems compiling snort to talk to snortsam.  (I haven't 
even gotten to compile snortsam yet)

What I have:

Snort 2.8.5.1 + mssql support on XPSp3 Win32 with Visual Studio 2008.  
(I'm about to load VS 6 to see if it fixes some weird upgrade issues 
that may be happening when VS2008 upgrades the VS6 project files.)

Taking the 2.8.5.1 snort code base code and compiling it with out the 
snortsam-2.8.5.diff

The SQLServer Release project seems build ok after I resolved some minor 
issues like missing the sql 2000 ntwdblib.lib, dll and cygwin stuff.

During the build there are lots of warnings about strcpy and fopen but 
it builds.

What is weird, is that the file sizes are way off. (I would suspect a 
tad difference in size but not huge amounts)
Almost like it is missing some class or something.

12/12/2009  01:03 PM           905,216 snort.exe <- Mine
10/21/2009  01:18 PM           913,408 snortworking.exe <- downloaded 
from snort.org in the win32 2.8.5.1 package.

When mine runs it tosses an exception error.
Event Type:    Error
Event Source:    Application Error
Event Category:    None
Event ID:    1000
Date:        12/12/2009
Time:        12:55:17 PM
User:        N/A
Computer:
Description:
Faulting application snort.exe, version 0.0.0.0, faulting module 
snort.exe, version 0.0.0.0, fault address 0x0008838a.

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 73 6e 6f   ure  sno
0018: 72 74 2e 65 78 65 20 30   rt.exe 0
0020: 2e 30 2e 30 2e 30 20 69   .0.0.0 i
0028: 6e 20 73 6e 6f 72 74 2e   n snort.
0030: 65 78 65 20 30 2e 30 2e   exe 0.0.
0038: 30 2e 30 20 61 74 20 6f   0.0 at o
0040: 66 66 73 65 74 20 30 30   ffset 00
0048: 30 38 38 33 38 61 0d 0a   08838a..


I am clueless of where to even begin to fix this error.

Is there any articles or howto's with VS2008/2005 to compile snort?

Or better yet is there a win32 flavor of snort 2.8.5.x out there with 
mssql support and snortsam support.  I haven't been able to find one.
-John

------------------------------------------------------------------------
*From:* Mark Clift <mark.clift at usitek.com>
*To:* "snortsam-discussion at snortsam.net" <snortsam-discussion at snortsam.net>
*Sent:* Saturday, December 12, 2009 12:20:33 PM
*Subject:* [Snortsam-discussion] MS ISA 2006 functionality


> Attached is a readme I wrote sometime back.
> What specific issues are you having compiling? The is a precompiled 
> binary on the snortsam.net site for 2.8.5. The ISA binary there is 
> compiled for ISA2004 and probably used the dll from that version. 
> Though untested it may still function for 2006 as the plugin uses the 
> ISA management interface which is largely unchanged between the 
> versions of ISA 2004 and 2006 otherwise you will need to compile 
> snortsam with the dll from the version and patch level that matches 
> the ISA version you are using.
>
>
> Best Regards,
>
> *Mark P. Clift*
>
> ------------------------------------------------------------------------
> *From:* snortsam-discussion-bounces at snortsam.net 
> [snortsam-discussion-bounces at snortsam.net] On Behalf Of John Liss 
> [john at lissproductions.com]
> *Sent:* Saturday, December 12, 2009 1:36 AM
> *To:* snortsam-discussion at snortsam.net
> *Subject:* [Snortsam-discussion] MS ISA 2006 functionality
>
> Hey all!
> I am trying to figure out how to compile snort to support snortsam, as 
> well as getting it to work with ISA 2006.
> Any how to's to point me in the general direction would be appreciated!
>
> -John*
> *
>
> ------------------------------------------------------------------------
> DISCLAIMER:
> This transmission may contain information that is privileged, 
> confidential and/or exempt from disclosure under applicable law. If 
> you are not the intended recipient, you are hereby notified that any 
> disclosure, copying, distribution, or use of the information contained 
> herein (including any reliance thereon) is STRICTLY PROHIBITED. If you 
> received this transmission in error, please immediately contact the 
> sender and destroy the material in its entirety, whether in electronic 
> or hard copy format. Internet communications cannot be guaranteed to 
> be timely, secure, error or virus-free. The sender does not accept 
> liability for any errors or omissions.
>
>
> _______________________________________________
> Snortsam-discussion mailing list
> Snortsam-discussion at snortsam.net
> http://lists.snortsam.net/mailman/listinfo/snortsam-discussion
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.snortsam.net/pipermail/snortsam-discussion/attachments/20091212/a69fb928/attachment.html

More information about the Snortsam-discussion mailing list