Problem running snort 1_8 as an NY Win2KSrv Service

["Murphy" <murphy () infomaniak ch>]

Well, it seems that you were successfull installing srvany. Which is just a
wrapper that allows you to run any program that you specified in the
registry as a service.
Tou haven't said what values you use to tell srvany to start snort, and this
is doen trough a couple of keys in the registry.
Here's a snip from the win32 docs on snort.org:

*****************
** At that same prompt type: INSTSRV.EXE snort <PATH TO RESKIT>\SRVANY.EXE

** Now start the Registry Editor From the run box (BACKUP YOUR
REGISTRY!!!!!)

** Locate the following sub key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Snort and select it.

** From the Edit pull down menu select New, select Key, and then type:
Parameters

** Select the new Parameter key, right mouse click, select Key, select
String Value, and type: Application

** Right Mouse Click the new Application String, select Modify, and type:
C:\Snort\Bin\Snort.exe

** Right Mouse Click the Parameter Key again, select New, select String
Value, and type: AppParameters

** Right Mouse Click the new AppParameters String, select Modify

** Type: -c C:\Snort\Bin\Snort.conf -l C:\Snort\Logs -ix

Note: -ix (x is the number of the NIC to place the sensor on)

*******************

Now that's pretty straight forward.
Another thing to check is that all your includes in snort.conf are have a
full path, not just a relative path (should be : c:\snort\blabla.whatever)

Also you might want to go to the service's propreties and check "Allow
service to interact with desktop", which will help you in debugging any
snort startup errors.

Murphy.


>  -----Original Message-----
> From:         snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]  On Behalf Of Wayne Work
> Sent: Tuesday, August 21, 2001 17:44
> To:   Snort-Users
> Subject:      [Snort-users] Problem running snort 1_8 as an NY Win2KSrv Service
>
> All,
>
> I am having problems running the new version on Sort (1_8 MySql) as a
service on a windows2k server. Laos had the problem running it on a Win2kPro
Wkst.
> Used the following parameters and the Two files download from
Silicondefence for the Service install. (also used the resource kit file
with no luck)
> 1. Opened CMD shell
> 2. Naved to WINNT dir
> 3. Typed cmd  INSTSRV SrvAny "c:\winnt\srvany.exe"   (Note of interest.
All documentation on this notes no " " around commands on the command line
such as "C:\snort\Bin\Snort.conf". This is required in Win2K)
>       Install was successful as per the prompt
> 4. Typed INSTSRV snort "C:\Winnt\srvany.exe"
>       Install was noted as successful
> 5.Tryed to start the service in the Service Manager from the Admin tools
>       Returned the "splash screen"  something to the effect that the service
did NOT return and error but that something might be wrong in Windows and if
it persists please contact your Sys admin. (Hell, I am the sys Admin, have
not seen this before though)
> When I did this EXACTLY the same for Snort 1_7 it worked great. I can also
run snort from the command line shell with out any problems
(c:\snort\bin>snort "c:\snort\bin\snort.conf" -l "c:\snort\logs" -i1)
> Works to Mysql populating the tables and outputs to PHP ACID web pages.
>
> HELPPPPPPPPPPPPPPPPP
> Please!!!!!!!!!!!!!!!!
>
> Wayne T Work
> Manager of Information Systems Security
> Cybergnostic.net, Inc.
> 12 Cambridge Dr
> Trumbull, CT 06611
> (Office) 203.331.4417
> (Cell)     203.217.5004


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users