Snort mailing list archives

RE: Snort 2.0 as a Windows Service??


From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 23 Apr 2003 13:02:59 -0700

Brad,

I have the Snort service configured but Snort is not started because
MySQL needs to be configured so Snort won't barf on the output database
line. Snort and MySQL MUST be fully configured before the reboot as
stated in the docs.

If you have Snort running with the native Snort service, then there is
no problem in dumping a new version of snort into that same folder. Make
sure to stop Snort before you do this then restart snort. Another thing,
make a backup of the snort folder before doing this as you will need to
either update the snort.conf or copy the old one back along with any
modified rules.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels () silicondefense com    
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: kerberos K [mailto:kerberos_k () hotmail com] 
Sent: Wednesday, April 23, 2003 11:18 AM
To: michaels () silicondefense com; erek () snort org
Cc: RussU () RP-L com
Subject: RE: [Snort-users] Snort 2.0 as a Windows Service??


Guys,

This is fascinating, and I'm learning an enormous amount. Thank You... I do however have an additional question?

In following Michael's document, it appears as though I should be able to start Snort as a service, prior to even configuring the MySQL database and users...

If this is in fact true, why would the database issue cause me to have 
issues starting the service?

Also, I had this working flawlessly with V 1.9.1, MySQL, & ACID according to a previous version of Michael's documents. I had the users and database permissions set up properly, why would upgrading to 2.0 in the same directory as 1.9.1 cause my service to fail or not start??

Obviously I overlooked something, I'm just not sure what it is..

Thank you all for your help...

--Brad





From: "Michael Steele" <michaels () silicondefense com>
To: "'Erek Adams'" <erek () snort org>,"'kerberos K'"
<kerberos_k () hotmail com>
CC: <RussU () RP-L com>, <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort 2.0 as a Windows Service??
Date: Wed, 23 Apr 2003 08:56:44 -0700

Erek,

How can you tell he has two output database plugins?

In my documentation it specifies two output database lines. One is
alert and the other is log.

If he is using my docs, leave in both lines, but make sure the syntax is
correct. I'm assuming he has failed to properly set up the users in the
database.

He can also execute his run line with a -T at the end but most likely
won't get much more information. He can also check the Application log
and see what it's reporting.

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Erek Adams
Sent: Wednesday, April 23, 2003 6:24 AM
To: kerberos K
Cc: RussU () RP-L com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 2.0 as a Windows Service??

On Tue, 22 Apr 2003, kerberos K wrote:

[...snip...]

database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = 127.0.0.1
database:          port = 3306
database:   sensor name = Websrv15e
database:     sensor id = 2
database: schema version = 106
database: using the "alert" facility
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = 127.0.0.1
database:          port = 3306
database:   sensor name = Websrv15e
ERROR: database: mysql_error: Access denied for user: 'snort@127.0.0.1' (Using password: NO)
Fatal Error, Quitting..

From reading some of the archives, I suspect this is a MySQL error.
Being a novice though, I'm curious as to how simply upgrading Snort would
affect my Database tables and permissions?? Also, reading Michael Steele's
documentation on this (as well as how I configured it with 1.9.1), the
service should be running prior to even configuring MySQL...

You've got 2 db output plugin lines in your snort.conf.  Remove the
second one and all should be well.  Use the one that has a password listed,
since that's what the second seems to be failing on.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
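
An added example, not part of any message in this thread or of the documentation it mentions: a small pre-restart check that lists every active `output database:` line in a snort.conf and reports which ones lack credentials, the condition behind the "Using password: NO" error quoted above. The sample configuration is constructed, and the function names and the `REQUIRED` parameter list are assumptions made for illustration.

```python
import re

# Constructed snort.conf excerpt (not taken from the thread). The second
# database line omits password=, the condition behind "Using password: NO".
SAMPLE_CONF = """\
# output plugins
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=127.0.0.1
output database: log, mysql, user=snort dbname=snort host=127.0.0.1
# output database: log, mysql, user=old dbname=old
"""

OUTPUT_DB = re.compile(r"^\s*output\s+database\s*:\s*(.*)$")
REQUIRED = ("user", "password", "dbname")  # hypothetical local policy


def parse_database_outputs(conf_text):
    """Return one dict per active (uncommented) 'output database:' line."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):
            continue
        match = OUTPUT_DB.match(raw)
        if not match:
            continue
        # Format: <facility>, <db type>, <space-separated key=value list>
        fields = [f.strip() for f in match.group(1).split(",", 2)]
        fields += [""] * (3 - len(fields))
        params = dict(kv.split("=", 1) for kv in fields[2].split() if "=" in kv)
        entries.append({"line": lineno, "facility": fields[0],
                        "db_type": fields[1], "params": params})
    return entries


def find_problems(entries):
    """List (line, facility, missing parameter names) without echoing secrets."""
    problems = []
    for entry in entries:
        missing = [k for k in REQUIRED if not entry["params"].get(k)]
        if missing:
            problems.append((entry["line"], entry["facility"], missing))
    return problems


if __name__ == "__main__":
    for line, facility, missing in find_problems(parse_database_outputs(SAMPLE_CONF)):
        print(f"snort.conf line {line} ({facility}): missing {', '.join(missing)}")
```

Run against the real snort.conf before restarting the service; only parameter names are reported, so the password value never reaches the console or a log.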




