Snort mailing list archives

RE: Snort 2.0 as a Windows Service??


From: "kerberos K" <kerberos_k () hotmail com>
Date: Tue, 22 Apr 2003 16:15:53 -0400

Russ,

Here is the output from that command:

C:\Snort\snort\bin>snort -c c:\snort\snort\etc\snort.conf -l c:\snort\snort\log -h 10.0.1.0.0/24 -
Running in IDS mode
Log directory = c:\snort\snort\log

Initializing Network Interface \Device\NPF_{2B69D982-02F2-4669-B6F4-A80FB5340CAB}

       --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{2B69D982-02F2-4669-B6F4-A80FB5340CAB}
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file c:\snort\snort\etc\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
   Fragment timeout: 60 seconds
   Fragment memory cap: 4194304 bytes
   Fragment min_ttl:   0
   Fragment ttl_limit: 5
   Fragment Problems: 0
   Self preservation threshold: 500
   Self preservation period: 90
   Suspend threshold: 1000
   Suspend period: 30
Stream4 config:
   Stateful inspection: ACTIVE
   Session statistics: INACTIVE
   Session timeout: 30 seconds
   Session memory cap: 8388608 bytes
   State alerts: INACTIVE
   Evasion alerts: INACTIVE
   Scan alerts: ACTIVE
   Log Flushed Streams: INACTIVE
   MinTTL: 1
   TTL Limit: 5
   Async Link: 0
   State Protection: 0
   Self preservation threshold: 50
   Self preservation period: 90
   Suspend threshold: 200
   Suspend period: 30
Stream4_reassemble config:
   Server reassembly: INACTIVE
   Client reassembly: ACTIVE
   Reassembler alerts: ACTIVE
   Ports: 21 23 25 53 80 110 111 143 513 1433
   Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
http_decode arguments:
   Unicode decoding
   IIS alternate Unicode decoding
   IIS double encoding vuln
   Flip backslash to slash
   Include additional whitespace separators
   Ports to decode http on: 80
rpc_decode arguments:
   Ports to decode RPC on: 111 32771
   alert_fragments: INACTIVE
   alert_large_fragments: ACTIVE
   alert_incomplete: ACTIVE
   alert_multiple_requests: ACTIVE
telnet_decode arguments:
   Ports to decode telnet on: 21 23 25 119
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = 127.0.0.1
database:          port = 3306
database:   sensor name = Websrv15e
database:     sensor id = 2
database: schema version = 106
database: using the "alert" facility
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = 127.0.0.1
database:          port = 3306
database:   sensor name = Websrv15e
ERROR: database: mysql_error: Access denied for user: 'snort@127.0.0.1' (Using password: NO)
Fatal Error, Quitting..

From reading some of the archives, I suspect this is a Mysql error. Being a novice though, I'm curious as to how simply upgrading Snort would affect my Database tables and permissions?? Also, reading Michael Steele's documentation on this (as well as how I configured it with 1.9.1), the service should be running prior to even configuring MySql...

Thanks for any and all assistance...

--Brad
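
Added example, not part of the original message or of Snort: a small Python parser that splits startup output like the above into one record per `database:` block and reports which block never printed "password is set". The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: excerpted from the startup output quoted in the message above.
SAMPLE = """\
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: password is set
database:          host = 127.0.0.1
database: using the "alert" facility
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database:          host = 127.0.0.1
ERROR: database: mysql_error: Access denied for user: 'snort@127.0.0.1' (Using password: NO)
Fatal Error, Quitting..
"""

KEY_VALUE = re.compile(r"^database:\s*(.+?)\s*=\s*(.+?)\s*$")
BLOCK_START = "database: compiled support"
ERROR_PREFIX = "ERROR: database:"


def parse_database_blocks(text):
    """Return one dict per database output plugin instance seen in the output."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(BLOCK_START):
            # Each plugin instance announces itself with this line.
            blocks.append({"password_set": False, "facility": None, "error": None})
            continue
        if not blocks:
            continue  # ignore everything before the first database block
        current = blocks[-1]
        if line == "database: password is set":
            current["password_set"] = True
        elif line.startswith("database: using the"):
            quoted = re.search(r'"([^"]+)"', line)
            current["facility"] = quoted.group(1) if quoted else None
        elif line.startswith(ERROR_PREFIX):
            current["error"] = line[len(ERROR_PREFIX):].strip()
        else:
            pair = KEY_VALUE.match(line)
            if pair:
                current[pair.group(1)] = pair.group(2)
    return blocks


def blocks_missing_password(text):
    """1-based positions of database blocks that never reported a password."""
    return [i for i, b in enumerate(parse_database_blocks(text), 1)
            if not b["password_set"]]
```

On the sample, the first block reports a password and the "alert" facility, while the second reports no password and carries the access-denied error.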









From: "Uhte, Russ" <RussU () RP-L com>
To: 'kerberos K' <kerberos_k () hotmail com>, "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort 2.0 as a Windows Service??
Date: Tue, 22 Apr 2003 13:44:10 -0500

Run snort from the command prompt as
C:\BIN\Snort>snort.exe -c "C:\BIN\Snort\snort.conf" -l "C:\BIN\Snort\log" -h 10.0.1.0/24[Ip address sanitized] -i 1 -y

What error are you getting from this??

-Russ

> -----Original Message-----
> From: kerberos K [mailto:kerberos_k () hotmail com]
> Sent: Tuesday, April 22, 2003 1:19 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Snort 2.0 as a Windows Service??
>
>
>
>
> I'm using the Snort 2.0 binary from both Snort.org and Silicon Defense, I've
> attempted to install Snort as a Win2K service.  I've used both Snort
> binaries on the same machine via a command line, and everything appears to
> have worked...
>
> When I install Snort as a service, the following output is generated:
>
> C:\BIN\Snort>snort.exe /SERVICE /INSTALL -c "C:\BIN\Snort\snort.conf"
> - -l "C:\BIN\Snort\log" -h 10.0.1.0/24[Ip address sanitized] -i 1 -y
>
> [SNORT_SERVICE] Attempting to install the Snort service.
>
> [SNORT_SERVICE] The full path to the Snort binary appears to be:
>     C:\BIN\Snort\snort.exe /SERVICE
>
> [SNORT_SERVICE] Successfully added registry keys to:
>     \HKEY_LOCAL_MACHINE\SOFTWARE\Snort\
>
> [SNORT_SERVICE] Successfully added the Snort service to the Services
> database.
>
>
> And when I "show" the service parameters, they appear as:
>
> C:\Snort\snort\bin>snort /service /show
>
> Snort is currently configured to run as a Windows service using the
> following
> command-line parameters:
>
>      -c c:\snort\snort\etc\snort.conf -l c:\snort\snort\log
> -h 10.0.1.0/24
> [Ip address sanitized]-i 1 -y
>
> However when I attempt to start the service via either command line, or
> through the services applet I get the following error:
>
> "C:\Snort\snort\bin>net start snort
> The Snort service is starting.
> The Snort service could not be started.
>
> A system error has occurred.
>
> System error 1067 has occurred.
>
> The process terminated unexpectedly."
>
> I previously had Snort 1.9.1 running as a service and successfully logging
> to a mysql database and ACID. This current issue happened when I attempted
> to upgrade from 1.9.1 to 2.0.
>
> I know this issue has come up several times in the past, I just have not
> seen a solution? Did I miss something? I'm searching through the archive
> messages now. I was just hoping maybe someone could point me in the right
> direction...
>
> Thanks
>
> Brad
>
>
> _________________________________________________________________
> The new MSN 8: smart spam protection and 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> ---
> [This E-mail scanned for viruses by Declude Virus]
>





