[Snortsam-discussion] MS ISA 2006 functionality
Mark Clift
mark.clift at usitek.com
Mon Dec 14 02:18:08 EST 2009
I am happy to hear you had success and that someone besides myself is getting use out of the work.
Best Regards,
Mark P. Clift
________________________________
From: snortsam-discussion-bounces at snortsam.net [snortsam-discussion-bounces at snortsam.net] On Behalf Of John Liss [john at lissproductions.com]
Sent: Sunday, December 13, 2009 2:38 PM
To: snortsam-discussion at snortsam.net
Subject: Re: [Snortsam-discussion] MS ISA 2006 functionality
Gang,
After loading VS6, I was able to compile both snort + mssql and snortsam + isa2006.
Appears functional and adding IPs to the block computer lists.
Thanks Mark for the nudge in the right direction : ]
Conclusion, VS2008's upgrade process (or just change in functionality) breaks the project.
-John
________________________________
From: Mark Clift <mark.clift at usitek.com>
To: "john at lissproductions.com" <john at lissproductions.com>, "snortsam-discussion at snortsam.net" <snortsam-discussion at snortsam.net>
Sent: Saturday, December 12, 2009 3:05:17 PM
Subject: [Snortsam-discussion] MS ISA 2006 functionality
I have had the best results using VC6 when working with this project. Moving to that will probably solve most if not all of your problems. I was just about to upgrade my coding PC but I think I will take a few minutes to see if I can get anything to compile before doing that. It has been a couple of years since I worked on this project.
Best Regards,
Mark P. Clift
________________________________
From: snortsam-discussion-bounces at snortsam.net [snortsam-discussion-bounces at snortsam.net] On Behalf Of John Liss [john at lissproductions.com]
Sent: Saturday, December 12, 2009 3:11 PM
To: snortsam-discussion at snortsam.net
Subject: Re: [Snortsam-discussion] MS ISA 2006 functionality
Hey Mark,
I'm having problems compiling snort to talk to snortsam. (I haven't even gotten to compile snortsam yet)
What I have:
Snort 2.8.5.1 + mssql support on XPSp3 Win32 with Visual Studio 2008. (I'm about to load VS 6 to see if it fixes some weird upgrade issues that may be happening when VS2008 upgrades the VS6 project files.)
Taking the 2.8.5.1 snort code base code and compiling it without the snortsam-2.8.5.diff
The SQLServer Release project seems to build ok after I resolved some minor issues like missing the sql 2000 ntwdblib.lib, dll and cygwin stuff.
During the build there are lots of warnings about strcpy and fopen but it builds.
What is weird, is that the file sizes are way off. (I would suspect a tad difference in size but not huge amounts)
Almost like it is missing some class or something.
12/12/2009 01:03 PM 905,216 snort.exe <- Mine
10/21/2009 01:18 PM 913,408 snortworking.exe <- downloaded from snort.org in the win32 2.8.5.1 package.
When mine runs it tosses an exception error.
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/12/2009
Time: 12:55:17 PM
User: N/A
Computer:
Description:
Faulting application snort.exe, version 0.0.0.0, faulting module snort.exe, version 0.0.0.0, fault address 0x0008838a.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 6e 6f ure sno
0018: 72 74 2e 65 78 65 20 30 rt.exe 0
0020: 2e 30 2e 30 2e 30 20 69 .0.0.0 i
0028: 6e 20 73 6e 6f 72 74 2e n snort.
0030: 65 78 65 20 30 2e 30 2e exe 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 38 38 33 38 61 0d 0a 08838a..
I am clueless of where to even begin to fix this error.
Are there any articles or howtos with VS2008/2005 to compile snort?
Or better yet, is there a win32 flavor of snort 2.8.5.x out there with mssql support and snortsam support? I haven't been able to find one.
-John
________________________________
From: Mark Clift <mark.clift at usitek.com>
To: "snortsam-discussion at snortsam.net" <snortsam-discussion at snortsam.net>
Sent: Saturday, December 12, 2009 12:20:33 PM
Subject: [Snortsam-discussion] MS ISA 2006 functionality
Attached is a readme I wrote sometime back.
What specific issues are you having compiling? There is a precompiled binary on the snortsam.net site for 2.8.5. The ISA binary there is compiled for ISA2004 and probably used the dll from that version. Though untested, it may still function for 2006, as the plugin uses the ISA management interface, which is largely unchanged between the versions of ISA 2004 and 2006; otherwise you will need to compile snortsam with the dll from the version and patch level that matches the ISA version you are using.
Best Regards,
Mark P. Clift
________________________________
From: snortsam-discussion-bounces at snortsam.net [snortsam-discussion-bounces at snortsam.net] On Behalf Of John Liss [john at lissproductions.com]
Sent: Saturday, December 12, 2009 1:36 AM
To: snortsam-discussion at snortsam.net
Subject: [Snortsam-discussion] MS ISA 2006 functionality
Hey all!
I am trying to figure out how to compile snort to support snortsam, as well as getting it to work with ISA 2006.
Any how to's to point me in the general direction would be appreciated!
-John
________________________________
DISCLAIMER:
This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
_______________________________________________
Snortsam-discussion mailing list
Snortsam-discussion at snortsam.net
http://lists.snortsam.net/mailman/listinfo/snortsam-discussion