
IDS installation on XP

Winpcap 3.1: http://www.winpcap.org/install/default.htm
Snort2.4: http://www.snort.org/dl/binaries/win32/Snort_240_Installer.exe
PCRE: http://prdownloads.sourceforge.net/gnuwin32/pcre-5.0.exe?download

Open http://localhost/phpmyadmin/ with the password and then select the corresponding table to enter the SQL. You can enter an SQL statement by selecting the SQL button, or import it from a text file. Choose c:\snort\schemas\create_mysql to create the schema (tables) in the snort database.
Instead of a setup AG button, there is a create AG button.
Read README.w32 for how to start the Windows version of snort.

Edit snort.conf with

output database: log, mysql, user=snort password=<nameyear> dbname=snort host=localhost

http://www.winsnort.com/modules.php?op=modload&name=Sections&file=index&req=listarticles&secid=9 is very helpful
Having a problem with local mysql 4.13 with xampp, got

Error "File 'c:\mysql\\share\charsets\?.conf' not found (Errcode: 2) Character set '#48' is not a compiled character set and is not specified in the 'c:\mysql\\share\charsets\Index' file "

Tried looking at http://dev.mysql.com/doc/mysql/en/problems-with-charactersets.html
It does not seem to be able to fix it.
Tried using an older mysql server on blanca and it seems to work fine.
However I need to modify snort.conf
output database: alert, mysql, user=snort password=XXXXX dbname=snort host=blanca.uccs.edu
and change C:\Program Files\xampp\htdocs\snort\base\base_conf.php with
$alert_dbname = "snort";
$alert_host = "blanca.uccs.edu";
$alert_port = "";
$alert_user = "snort";
$alert_password = "XXXX";
Hope some students can find the fix and use mysql server locally.
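
A consistency check for the two files changed above, as an added example that is not part of the original notes: it parses the output database line from snort.conf and the $alert_* settings from base_conf.php and lists the setting names that disagree. The sample file contents, the placeholder password and the function names are constructed for illustration.

```python
import re

# Constructed sample files: snort.conf was pointed at the remote server,
# but base_conf.php still names localhost. The password is a placeholder.
SNORT_CONF = r'''
# output database: log, mysql, user=snort password=example dbname=snort host=localhost
output database: alert, mysql, user=snort password=example dbname=snort \
    host=blanca.uccs.edu
'''
BASE_CONF = '''
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "example";
'''

KEYS = ("dbname", "host", "user", "password")

def parse_snort_outputs(text):
    """Return one dict of key=value options per active 'output database:' line."""
    text = re.sub(r"\\[ \t]*\r?\n", " ", text)   # join backslash-continued lines
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)", line)
        if m:  # commented-out lines start with '#' and do not match
            opts = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            found.append({"facility": m.group(1), "dbtype": m.group(2), **opts})
    return found

def parse_base_conf(text):
    """Return the $alert_* assignments from base_conf.php as a dict."""
    return dict(re.findall(r'^\s*\$alert_(\w+)\s*=\s*"([^"]*)"\s*;', text, re.M))

def mismatches(output, base):
    """Names of settings that are missing or differ; values are never returned."""
    return [k for k in KEYS if output.get(k) is None or output.get(k) != base.get(k)]

if __name__ == "__main__":
    base = parse_base_conf(BASE_CONF)
    for out in parse_snort_outputs(SNORT_CONF):
        bad = mismatches(out, base)
        status = "mismatch: " + ", ".join(bad) if bad else "consistent"
        print(out["facility"], out["dbtype"], status)
```
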
http://www.winsnort.com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=5&page=1 shows the use of master and slave sensors both inside and outside of the firewall. This is the type of IDS deployment we would like to have. They all send IDS info to mysql server.
Start snort with ./snort -c "c:\snort\etc\snort.conf" -l "c:\snort\log" -i1
