Snort mailing list archives

RE: Snort 1.9 as Service Help


From: "Michael Steele" <michaels () silicondefense com>
Date: Fri, 1 Nov 2002 16:12:06 -0800

Scott,

Send me a screen shot and all your config files. If you have MySQL
running in any other place then c:\MySQL\ then you need to have special
provisions for that. If you did a stock install and placed it anywhere
else without following the instructions then MySQL will fail.

Send all config files directly to me ONLY.

What OS are you running?

 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: Scott Phippen [mailto:ScottPhippen () vitalworks com] 
Sent: Friday, November 01, 2002 1:46 PM
To: 'Michael Steele'
Subject: RE: [Snort-users] Snort 1.9 as Service Help

The only error message I'm getting is
"Could not start snort service on Local Computer. Error 1067: Process
terminated unexpectedly."

I did the steps in your email, but no command window appeared when I
tried
to start snort. Just the lovely progress bar as the service tries to
start
and then a dialog box with the above error message.

The only item in the Event viewer shows up under the System log:

Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 11/1/2002
Time: 3:39:24 PM
User: N/A
Computer: SENTRY1
Description:
The Snort service terminated unexpectedly.  It has done this 14 time(s).
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp




-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Thursday, October 31, 2002 6:55 PM
To: ScottPhippen () vitalworks com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9 as Service Help


Scott,

Try this:

1) Setup snort as you normally would for a service.

2) Go into the Services and select Snort and stop the service if running

3) Right click on the Snort entry and select properties

4) Select the Log On Tab and check "allow this service to interact with
desktop"

5) Select the Snort service and start the service

What this will do is start snort in a command window using the services
start procedure, and whatever is happening will be displayed in the
command window. Let me know what is going on. Cut and past the text to
an Email to me.  You should also be getting something in your Event Log
under the application tab. Be sure to go and uncheck #4 after it's
fixed.

Send me any error messages.

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Scott
Phippen
Sent: Thursday, October 31, 2002 2:27 PM
To: 'Michael Steele'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9 as Service Help

Thanks for the reply!!

However, if the problem was related to MySQL, why would everything work
(snort, ACID, etc.) when I run it from the command line? I would think
if
there were problems with the tables or config, snort would fail
regardless
of whether it was started as a service or not. Thanks for the help!

Scott

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Tuesday, October 29, 2002 7:08 PM
To: ScottPhippen () vitalworks com
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9 as Service Help


Scott,

The 1067 error, means an MySQL server aborted.

The cause should be:

- Missed (dropped) or corrupted MySQL grant tables.
- Wrong variable(s) on the configuration file (my.ini\my.cnf)

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Scott
Phippen
Sent: Tuesday, October 29, 2002 11:37 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9 as Service Help

Michael,

I'm also having a similar issue only on a WinXP box. Here's the list:
Snort 1.9 (logging to mysql db)
MySql 3.23.52
ACID v0.9.6b21
Adodb 2.31
Apache 1.3.27
WinXP

D:\Snort19>snort /service /install -devyXoaw -c d:\snort19\snort.conf -l
d:\snort19\logs -i1
 [SNORT_SERVICE] Attempting to install the Snort service.
 [SNORT_SERVICE] The full path to the Snort binary appears to be:
    D:\Snort19\snort /SERVICE
 [SNORT_SERVICE] Successfully added registry keys to:
    \HKEY_LOCAL_MACHINE\SOFTWARE\Snort\
 [SNORT_SERVICE] Successfully added the Snort service to the Services
database.

D:\Snort19>net start snort
The Snort service is starting.
The Snort service could not be started.
A system error has occurred.
System error 1067 has occurred.
The process terminated unexpectedly.


I can fire up snort fine from the command line with the exact same
options
(sans the /service /install) and it works fine. However, when I install
it
as a service and try to start it, I get the System Error 1067. There
isn't
much showing up in the Event Log either.

Any advice you (or anyone else) can provide would be greatly
appreciated.

Thanks!

Scott



From: "Michael Steele" <michaels () silicondefense com>
To: <bunger () mail BillUnger com>
Cc: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort 1.9 as Service Help
Date: Tue, 15 Oct 2002 20:43:57 -0700

Bill,

I have walked more people through this procedure then I can count. It's
not uncommon to have this problem. Be sure you are in the same folder as
snort when you execute the commands. Does the command line work from the
shell? After you execute the service install have you tried "net start
snort" from the command line. If you got no error check the Task Manager
to see if Snort is listed as a running process.

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


Current thread: