Snort mailing list archives
Snort 1.8.7 as a Win2K Service
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 10 Dec 2002 16:24:43 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Using the Snort 1.8.7 binary from Silicon Defense, I've attempted to install Snort as a Win2K service. I've used this same Snort binary on the same machine via a console shell, and everything worked perfectly (e.g., alerts to an ASCII file, logging to a remote MySQL database).

When I install Snort as a service, the following output is generated:

[snip]
C:\BIN\Snort>snort.exe /SERVICE /INSTALL -c "C:\BIN\Snort\snort.conf"
- -l "C:\BIN\Snort\log" -h 10.0.1.0/24 -i 1 -y

[SNORT_SERVICE] Attempting to install the Snort service.
[SNORT_SERVICE] The full path to the Snort binary appears to be:
    C:\BIN\Snort\snort.exe /SERVICE
[SNORT_SERVICE] Successfully added registry keys to:
    \HKEY_LOCAL_MACHINE\SOFTWARE\Snort\
[SNORT_SERVICE] Successfully added the Snort service to the Services database.
[snip]

And when I "show" the service parameters, they appear as:

[snip]
C:\BIN\Snort>snort.exe /SERVICE /SHOW

Snort is currently configured to run as a Windows service using the following command-line parameters:
    -c C:\BIN\Snort\snort.conf -l C:\BIN\Snort\log -h 10.0.1.0/24 -i 1 -y
[snip]

So far, everything is normal. BTW, this is the exact command line I use to launch Snort via a command shell.

However, when I attempt to start Snort via the Services MMC snap-in or a console "net start snort" command, the service appears to start correctly, but I end up with an Event Log message that indicates something bad happened:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 12/10/2002
Time: 3:25:23 PM
User: N/A
Computer: DEMOXSI-1
Description:
The Snort service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.

That's nothing else. Does anyone have any clues about this one?

Sincerely,

L. Christopher Luther
Technical Consultant
Xybernaut Solutions, Inc.
(703) 654-3642
cluther () xybernaut com
http://www.xybernautsolutions.com

My PGP Public Key:
http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88

CONFIDENTIALITY NOTE: This communication contains information that is confidential and/or legally privileged. This information is intended only for the use of the individual or entity named on this communication. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, printing or other use of, or any action in reliance on, the contents of this communication is strictly prohibited. If you receive this communication in error, please immediately notify us by telephone at (703) 631-6925.

- ------------------------------------------------------------
Unsolicited commercial e-mail will automatically be reported to the appropriate abuse@ - without exception.
- ------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.2

iQA/AwUBPfZbm6u/XM0hJhuIEQKPQACeO/sXB1auY/Z8vGaZmO64Bvyf96oAniqa
Kfz4UwaPiQT3VnkTLBpXHjYe
=lOLN
-----END PGP SIGNATURE-----