[Snortsam-discussion] MS ISA 2006 functionality

John Liss john at lissproductions.com
Sun Dec 13 14:38:12 EST 2009 

Gang,

After loading VS6, I was able to compile both snort + mssql and snortsam 
+ isa2006.
Appears functional and adding IP's to the block computer lists.

Thanks Mark the the nudge in the right direction : ]

Conclusion, VS2008's upgrade process (or just change in functionality) 
breaks the project.

-John

------------------------------------------------------------------------
*From:* Mark Clift <mark.clift at usitek.com>
*To:* "john at lissproductions.com" <john at lissproductions.com>, 
"snortsam-discussion at snortsam.net" <snortsam-discussion at snortsam.net>
*Sent:* Saturday, December 12, 2009 3:05:17 PM
*Subject:* [Snortsam-discussion] MS ISA 2006 functionality


> I have had the best results using VC6 when working with this project. 
> Moving to that will probably solve most if not all of your problems. I 
> was just about to upgrade my coding PC but I think I will take a few 
> minutes to see if I can get anything to compile before doing that. I 
> has been a couple of years since I worked on this project.
>
>
> Best Regards,
>
> *Mark P. Clift*
> ------------------------------------------------------------------------
> *From:* snortsam-discussion-bounces at snortsam.net 
> [snortsam-discussion-bounces at snortsam.net] On Behalf Of John Liss 
> [john at lissproductions.com]
> *Sent:* Saturday, December 12, 2009 3:11 PM
> *To:* snortsam-discussion at snortsam.net
> *Subject:* Re: [Snortsam-discussion] MS ISA 2006 functionality
>
> Hey Mark,
>
> I'm having problems compiling snort to talk to snortsam.  (I haven't 
> even gotten to compile snortsam yet)
>
> What I have:
>
> Snort 2.8.5.1 + mssql support on XPSp3 Win32 with Visual Studio 2008.  
> (I'm about to load VS 6 to see if it fixes some weird upgrade issues 
> that may be happening when VS2008 upgrades the VS6 project files.)
>
> Taking the 2.8.5.1 snort code base code and compiling it with out the 
> snortsam-2.8.5.diff
>
> The SQLServer Release project seems build ok after I resolved some 
> minor issues like missing the sql 2000 ntwdblib.lib, dll and cygwin stuff.
>
> During the build there are lots of warnings about strcpy and fopen but 
> it builds.
>
> What is weird, is that the file sizes are way off. (I would suspect a 
> tad difference in size but not huge amounts)
> Almost like it is missing some class or something.
>
> 12/12/2009  01:03 PM           905,216 snort.exe <- Mine
> 10/21/2009  01:18 PM           913,408 snortworking.exe <- downloaded 
> from snort.org in the win32 2.8.5.1 package.
>
> When mine runs it tosses an exception error.
> Event Type:    Error
> Event Source:    Application Error
> Event Category:    None
> Event ID:    1000
> Date:        12/12/2009
> Time:        12:55:17 PM
> User:        N/A
> Computer:
> Description:
> Faulting application snort.exe, version 0.0.0.0, faulting module 
> snort.exe, version 0.0.0.0, fault address 0x0008838a.
>
> For more information, see Help and Support Center at 
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 41 70 70 6c 69 63 61 74   Applicat
> 0008: 69 6f 6e 20 46 61 69 6c   ion Fail
> 0010: 75 72 65 20 20 73 6e 6f   ure  sno
> 0018: 72 74 2e 65 78 65 20 30   rt.exe 0
> 0020: 2e 30 2e 30 2e 30 20 69   .0.0.0 i
> 0028: 6e 20 73 6e 6f 72 74 2e   n snort.
> 0030: 65 78 65 20 30 2e 30 2e   exe 0.0.
> 0038: 30 2e 30 20 61 74 20 6f   0.0 at o
> 0040: 66 66 73 65 74 20 30 30   ffset 00
> 0048: 30 38 38 33 38 61 0d 0a   08838a..
>
>
> I am clueless of where to even begin to fix this error.
>
> Is there any articles or howto's with VS2008/2005 to compile snort?
>
> Or better yet is there a win32 flavor of snort 2.8.5.x out there with 
> mssql support and snortsam support.  I haven't been able to find one.
> -John
>
> ------------------------------------------------------------------------
> *From:* Mark Clift <mark.clift at usitek.com>
> *To:* "snortsam-discussion at snortsam.net" 
> <snortsam-discussion at snortsam.net>
> *Sent:* Saturday, December 12, 2009 12:20:33 PM
> *Subject:* [Snortsam-discussion] MS ISA 2006 functionality
>
>
>> Attached is a readme I wrote sometime back.
>> What specific issues are you having compiling? The is a precompiled 
>> binary on the snortsam.net site for 2.8.5. The ISA binary there is 
>> compiled for ISA2004 and probably used the dll from that version. 
>> Though untested it may still function for 2006 as the plugin uses the 
>> ISA management interface which is largely unchanged between the 
>> versions of ISA 2004 and 2006 otherwise you will need to compile 
>> snortsam with the dll from the version and patch level that matches 
>> the ISA version you are using.
>>
>>
>> Best Regards,
>>
>> *Mark P. Clift*
>>
>> ------------------------------------------------------------------------
>> *From:* snortsam-discussion-bounces at snortsam.net 
>> [snortsam-discussion-bounces at snortsam.net] On Behalf Of John Liss 
>> [john at lissproductions.com]
>> *Sent:* Saturday, December 12, 2009 1:36 AM
>> *To:* snortsam-discussion at snortsam.net
>> *Subject:* [Snortsam-discussion] MS ISA 2006 functionality
>>
>> Hey all!
>> I am trying to figure out how to compile snort to support snortsam, 
>> as well as getting it to work with ISA 2006.
>> Any how to's to point me in the general direction would be appreciated!
>>
>> -John*
>> *
>>
>> ------------------------------------------------------------------------
>> DISCLAIMER:
>> This transmission may contain information that is privileged, 
>> confidential and/or exempt from disclosure under applicable law. If 
>> you are not the intended recipient, you are hereby notified that any 
>> disclosure, copying, distribution, or use of the information 
>> contained herein (including any reliance thereon) is STRICTLY 
>> PROHIBITED. If you received this transmission in error, please 
>> immediately contact the sender and destroy the material in its 
>> entirety, whether in electronic or hard copy format. Internet 
>> communications cannot be guaranteed to be timely, secure, error or 
>> virus-free. The sender does not accept liability for any errors or 
>> omissions.
>>
>>
>> _______________________________________________
>> Snortsam-discussion mailing list
>> Snortsam-discussion at snortsam.nethttp://lists.snortsam.net/mailman/listinfo/snortsam-discussion
>>    
>
> ------------------------------------------------------------------------
> DISCLAIMER:
> This transmission may contain information that is privileged, 
> confidential and/or exempt from disclosure under applicable law. If 
> you are not the intended recipient, you are hereby notified that any 
> disclosure, copying, distribution, or use of the information contained 
> herein (including any reliance thereon) is STRICTLY PROHIBITED. If you 
> received this transmission in error, please immediately contact the 
> sender and destroy the material in its entirety, whether in electronic 
> or hard copy format. Internet communications cannot be guaranteed to 
> be timely, secure, error or virus-free. The sender does not accept 
> liability for any errors or omissions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.snortsam.net/pipermail/snortsam-discussion/attachments/20091213/8b5f8411/attachment.html

More information about the Snortsam-discussion mailing list