Snort 1.8.7 as a Win2K Service

["L. Christopher Luther" <CLuther () Xybernaut com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Using the Snort 1.8.7 binary from Silicon Defense, I've attempted to
install Snort as a Win2K service.  I've used this same Snort binary
on the same machine via a console shell, and everything worked
perfectly (e.g., alerts to an ASCII file, logging to a remote MySQL
database).  

When I install Snort as a service, the following output is generated:
 

[snip]
C:\BIN\Snort>snort.exe /SERVICE /INSTALL -c "C:\BIN\Snort\snort.conf"
- -l "C:\BIN\Snort\log" -h 10.0.1.0/24 -i 1 -y

 [SNORT_SERVICE] Attempting to install the Snort service.

 [SNORT_SERVICE] The full path to the Snort binary appears to be:
    C:\BIN\Snort\snort.exe /SERVICE

 [SNORT_SERVICE] Successfully added registry keys to:
    \HKEY_LOCAL_MACHINE\SOFTWARE\Snort\

 [SNORT_SERVICE] Successfully added the Snort service to the Services
database.
[snip

And when I "show" the service parameters, they appear as:  

[snip]
C:\BIN\Snort>snort.exe /SERVICE /SHOW

Snort is currently configured to run as a Windows service using the
following
command-line parameters:

     -c C:\BIN\Snort\snort.conf -l C:\BIN\Snort\log -h 10.0.1.0/24 -i
1 -y
[snip]

So far, everything is normal.  BTW, this is the exact command line I
use to launch Snort via a command shell.  

However, when I attempt to start Snort via the Services MMC snap-in
or a console "net start snort" command, the service appears to start
correctly, but I end up with an Event Log message that indicates
something bad happened:    

Event Type:     Error
Event Source:   Service Control Manager
Event Category: None
Event ID:       7031
Date:           12/10/2002
Time:           3:25:23 PM
User:           N/A
Computer:       DEMOXSI-1
Description:
The Snort service terminated unexpectedly.  It has done this 1
time(s).  The following corrective action will be taken in 0
milliseconds: No action. 

That's nothing else.  Does anyone have any clues about this one?  


Sincerely,  

L. Christopher Luther  
Technical Consultant  
Xybernaut Solutions, Inc.  
(703) 654-3642  
cluther () xybernaut com  
http://www.xybernautsolutions.com  

My PGP Public Key:  
http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88

CONFIDENTIALITY NOTE:  This communication contains 
information that is confidential and/or legally privileged.  
This information is intended only for the use of the individual 
or entity named on this communication. If you are not the 
intended recipient, you are hereby notified that any disclosure, 
copying, distribution, printing or other use of, or any action 
in reliance on, the contents of this communication is strictly 
prohibited.  If you receive this communication in error, please 
immediately notify us by telephone at (703) 631-6925. 

- ------------------------------------------------------------
Unsolicited commercial e-mail will automatically be reported
to the appropriate abuse@ - without exception.
- ------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.2

iQA/AwUBPfZbm6u/XM0hJhuIEQKPQACeO/sXB1auY/Z8vGaZmO64Bvyf96oAniqa
Kfz4UwaPiQT3VnkTLBpXHjYe
=lOLN
-----END PGP SIGNATURE-----