RE: Snort 1.9 as Service Help

["Michael Steele" <michaels () silicondefense com>]

Scott,

Try this:

1) Setup snort as you normally would for a service.

2) Go into the Services and select Snort and stop the service if running

3) Right click on the Snort entry and select properties

4) Select the Log On Tab and check "allow this service to interact with
desktop"

5) Select the Snort service and start the service

What this will do is start snort in a command window using the services
start procedure, and whatever is happening will be displayed in the
command window. Let me know what is going on. Cut and past the text to
an Email to me.  You should also be getting something in your Event Log
under the application tab. Be sure to go and uncheck #4 after it's
fixed.

Send me any error messages.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels () silicondefense com    
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Scott
Phippen
Sent: Thursday, October 31, 2002 2:27 PM
To: 'Michael Steele'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9 as Service Help

Thanks for the reply!!

However, if the problem was related to MySQL, why would everything work
(snort, ACID, etc.) when I run it from the command line? I would think
if
there were problems with the tables or config, snort would fail
regardless
of whether it was started as a service or not. Thanks for the help!

Scott

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Tuesday, October 29, 2002 7:08 PM
To: ScottPhippen () vitalworks com
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9 as Service Help


Scott,

The 1067 error, means an MySQL server aborted.

The cause should be:

- Missed (dropped) or corrupted MySQL grant tables.
- Wrong variable(s) on the configuration file (my.ini\my.cnf)

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Scott
Phippen
Sent: Tuesday, October 29, 2002 11:37 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9 as Service Help

Michael,

I'm also having a similar issue only on a WinXP box. Here's the list:
Snort 1.9 (logging to mysql db)
MySql 3.23.52
ACID v0.9.6b21
Adodb 2.31
Apache 1.3.27
WinXP

D:\Snort19>snort /service /install -devyXoaw -c d:\snort19\snort.conf -l
d:\snort19\logs -i1
 [SNORT_SERVICE] Attempting to install the Snort service.
 [SNORT_SERVICE] The full path to the Snort binary appears to be:
    D:\Snort19\snort /SERVICE
 [SNORT_SERVICE] Successfully added registry keys to:
    \HKEY_LOCAL_MACHINE\SOFTWARE\Snort\
 [SNORT_SERVICE] Successfully added the Snort service to the Services
database.

D:\Snort19>net start snort
The Snort service is starting.
The Snort service could not be started.
A system error has occurred.
System error 1067 has occurred.
The process terminated unexpectedly.


I can fire up snort fine from the command line with the exact same
options
(sans the /service /install) and it works fine. However, when I install
it
as a service and try to start it, I get the System Error 1067. There
isn't
much showing up in the Event Log either.

Any advice you (or anyone else) can provide would be greatly
appreciated.

Thanks!

Scott



From: "Michael Steele" <michaels () silicondefense com>
To: <bunger () mail BillUnger com>
Cc: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort 1.9 as Service Help
Date: Tue, 15 Oct 2002 20:43:57 -0700

Bill,

I have walked more people through this procedure then I can count. It's
not uncommon to have this problem. Be sure you are in the same folder as
snort when you execute the commands. Does the command line work from the
shell? After you execute the service install have you tried "net start
snort" from the command line. If you got no error check the Task Manager
to see if Snort is listed as a running process.

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users