Snort mailing list archives
RE: Snort as a service in W2k
From: Steve Moran <steve.moran () csssoftware com>
Date: Tue, 28 Aug 2001 08:52:17 -0600
Firedaemon did it. Thanks. Now I have one snort box running srvany and one running firedaemon.

-----Original Message-----
From: M. Burnett [mailto:mburnett () xato net]
Sent: Monday, August 27, 2001 8:54 PM
To: 'Steve Moran'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort as a service in W2k

When using snort as a service, make sure you use full paths in everything, including the path to the logs directory. You also may want to try firedaemon (www.firedaemon.com) instead of srvany, I have found it to be more reliable and it logs errors to the win2k application log. Also, make sure you are running snort itself, not using srvany or firedaemon to call a batch file that calls snort.

Mark Burnett
Xato Network Security
www.xato.net
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steve Moran
Sent: Monday, August 27, 2001 5:10 PM
To: 'Johnson, David'; Steve Moran; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort as a service in W2k

It's not that the service isn't starting, which would be the case if I typo'd a path or something along those lines. It's that after it does start, no logging occurs, no alert.ids is created, and snort does not appear in the processes list. However, if I run it via command line, with the same options, alert.ids is created, I get acid alerts, and snort is in the processes list.

According to the instructions:

    instsrv srvany c:\path\srvany.exe
    instsrv snort c:\path\srvany.exe

then find snort in the registry and add the parameter key, and the two strings, application with the value of the path, and appparameters with the flags. I've done all that, and what happens is that when I start the service srvany starts, but not snort. I've checked my other snort boxes and the reg entry looks ok.

-----Original Message-----
From: Johnson, David [mailto:DJohnson () IronMountain com]
Sent: Monday, August 27, 2001 4:56 PM
To: 'Steve Moran'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort as a service in W2k

As an idea, make sure that when you are testing running Snort from the command line that you start in C:\ and run with the same command line options (this will recreate the service's attempt to start). I have had similar experiences setting up the service where the problem was one of a path typo or some other such silly mistake. Good luck.

-----Original Message-----
From: Steve Moran [mailto:steve.moran () csssoftware com]
Sent: Monday, August 27, 2001 3:14 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort as a service in W2k

I have set up snort1.8 to run as a service per Micheal Steele's instructions, and it doesn't run.
I have set it up before, and it's always been fine. This time I can't get it to work. It starts, but I don't see snort running under task manager, and no alert.ids file is created. If I run it from the command prompt it runs just fine, i.e. alerts.ids is created and snort is running in task manager. I can't find anything wrong with the way I set up the service.

Steve Moran
Network Security
CSS, Inc.
(303) 526-5515 (work)
(303) 526-3464 x132 (direct)
(720) 244-7038 (cell)
steve.moran () csssoftware com

_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
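
Added example, not part of the original thread and not code from Snort, srvany or FireDaemon: a check of the two srvany registry strings mentioned above (Application and AppParameters) against the advice in the thread, namely full paths everywhere and snort.exe launched directly rather than through a batch file. The sample values are constructed, and treating -c (config file) and -l (log directory) as the path-taking Snort options to inspect is an assumption.

```python
import ntpath
import shlex

# Snort options whose argument is a path (assumed set for this check).
PATH_OPTIONS = {"-c", "-l"}
SCRIPT_EXTENSIONS = {".bat", ".cmd"}

# Constructed sample registry values, not taken from the thread.
GOOD_APPLICATION = r"C:\snort\snort.exe"
GOOD_PARAMETERS = r'-c "C:\Program Files\Snort\snort.conf" -l C:\snort\log'
BAD_APPLICATION = r"C:\snort\startsnort.bat"
BAD_PARAMETERS = r"-c snort.conf -l log"


def is_full_path(path):
    """True for a drive-qualified or UNC absolute Windows path."""
    drive, rest = ntpath.splitdrive(path)
    return bool(drive) and rest.startswith(("\\", "/"))


def check_srvany_parameters(application, app_parameters):
    """Return findings for the srvany 'Application' and 'AppParameters'
    strings; an empty list means nothing was flagged."""
    findings = []
    if not is_full_path(application):
        findings.append("Application is not a full path: " + application)
    if ntpath.splitext(application)[1].lower() in SCRIPT_EXTENSIONS:
        findings.append("Application is a batch file, not snort itself: " + application)
    # posix=False leaves backslashes alone and keeps quoted paths as one token.
    tokens = shlex.split(app_parameters, posix=False)
    for i, tok in enumerate(tokens):
        if tok not in PATH_OPTIONS:
            continue
        if i + 1 >= len(tokens):
            findings.append(tok + " has no argument")
            continue
        value = tokens[i + 1].strip('"')
        if not is_full_path(value):
            findings.append(tok + " uses a relative path: " + value)
    return findings


if __name__ == "__main__":
    for app, params in ((GOOD_APPLICATION, GOOD_PARAMETERS),
                        (BAD_APPLICATION, BAD_PARAMETERS)):
        print(app, "->", check_srvany_parameters(app, params) or "ok")
```

A service does not start in the directory an interactive shell would, so a relative `-l log` that works at the prompt can resolve somewhere unexpected under the service.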
Current thread:
- Snort as a service in W2k Steve Moran (Aug 27)
- <Possible follow-ups>
- RE: Snort as a service in W2k Johnson, David (Aug 27)
- RE: Snort as a service in W2k Steve Moran (Aug 27)
- RE: Snort as a service in W2k Johnson, David (Aug 27)
- RE: Snort as a service in W2k Steve Moran (Aug 28)