Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort as a service on Windows 2000

From: August.K.Kunnecke () pmusa com
Date: Thu, 3 Apr 2003 14:17:48 -0500
I am trying to use Snort on a Windows 2000 server. 

Snort works when I type snort -v -ix. I am having problems getting it to run
as a service. It install fine. When I try to start it, I get different
errors. I have finally decided to stop and see if I can get some help. This
time I am getting the following message in my event viewer:

------------------------------------------------------------
Event Type:     Error
Event Source:   Service Control Manager
Event Category: None
Event ID:       7000
Date:           4/3/2003
Time:           1:59:36 PM
User:           N/A
Computer:       XXXXXX
Description:
The Snort service failed to start due to the following error: 
The system cannot find the file specified
---------------------------------------------------------------------

It usually tells me that is cannot find the snort.conf file in the
application log, but I am not getting any messages in that section. 

When I run snort at a DOS prompt to try to see what file it is missing, I
get the following:

---------------------------------
WARNING: unknown output plugin: 'alert_syslog'WARNING: unknown output
plugin: 'd
atabase'WARNING: unknown output plugin: 'database'1310 Snort rules read...
1310 Option Chains linked into 148 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initializing Snort ==--
Initializing Output Plugins!

[!] ERROR: Can not get write access to logging directory "log".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

Fatal Error, Quitting..
-------------------------------------------------

I followed the instructions from the snort.org web site. I tried moving the
snort.exe to the snort directory. I also tried to move (and copy) the
snort.conf file, but I still get the same error.


I also have some questions about the config files: 

One document I read had the path names to the files listed with the "/"
character  Another set of instructions said to use the standard "\"
backslash character.  Which is the correct convention to use?


Thanks in advance for any help.




-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: