Snort mailing list archives
RE: Snort 2.0 as a Windows Service??
From: "kerberos K" <kerberos_k () hotmail com>
Date: Tue, 22 Apr 2003 16:15:53 -0400
Russ, Here is the output from that command:C:\Snort\snort\bin>snort -c c:\snort\snort\etc\snort.conf -l c:\snort\snort\log -h 10.0.1.0.0/24 -
Running in IDS mode Log directory = c:\snort\snort\logInitializing Network Interface \Device\NPF_{2B69D982-02F2-4669-B6F4-A80FB5340CAB}
--== Initializing Snort ==-- Initializing Output Plugins!Decoding Ethernet on interface \Device\NPF_{2B69D982-02F2-4669-B6F4-A80FB5340CAB}
Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file c:\snort\snort\etc\snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes Fragment min_ttl: 0 Fragment ttl_limit: 5 Fragment Problems: 0 Self preservation threshold: 500 Self preservation period: 90 Suspend threshold: 1000 Suspend period: 30 Stream4 config: Stateful inspection: ACTIVE Session statistics: INACTIVE Session timeout: 30 seconds Session memory cap: 8388608 bytes State alerts: INACTIVE Evasion alerts: INACTIVE Scan alerts: ACTIVE Log Flushed Streams: INACTIVE MinTTL: 1 TTL Limit: 5 Async Link: 0 State Protection: 0 Self preservation threshold: 50 Self preservation period: 90 Suspend threshold: 200 Suspend period: 30 Stream4_reassemble config: Server reassembly: INACTIVE Client reassembly: ACTIVE Reassembler alerts: ACTIVE Ports: 21 23 25 53 80 110 111 143 513 1433 Emergency Ports: 21 23 25 53 80 110 111 143 513 1433 http_decode arguments: Unicode decoding IIS alternate Unicode decoding IIS double encoding vuln Flip backslash to slash Include additional whitespace separators Ports to decode http on: 80 rpc_decode arguments: Ports to decode RPC on: 111 32771 alert_fragments: INACTIVE alert_large_fragments: ACTIVE alert_incomplete: ACTIVE alert_multiple_requests: ACTIVE telnet_decode arguments: Ports to decode telnet on: 21 23 25 119 database: compiled support for ( mysql odbc ) database: configured to use mysql database: user = snort database: password is set database: database name = snort database: host = 127.0.0.1 database: port = 3306 database: sensor name = Websrv15e database: sensor id = 2 database: schema version = 106 database: using the "alert" facility database: compiled support for ( mysql odbc ) database: configured to use mysql database: user = snort database: database name = snort database: host = 127.0.0.1 database: port = 3306 database: sensor name = Websrv15eERROR: database: mysql_error: Access denied for user: 'snort@127.0.0.1' (Using password: NO)
Fatal Error, Quitting..
From reading some of the archives, I suspect this is a a Mysql error. Beinga novice though, I'm curious as to how simply upgrading Snort would affect my Database tables and permissions?? Also, reading Michael Steele's documentation on this (as well as how I configured it with 1.9.1), the service should be running prior to even configuring MySql...
Thanks for any and all assistance... --Brad
From: "Uhte, Russ" <RussU () RP-L com>To: 'kerberos K' <kerberos_k () hotmail com>, "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>Subject: RE: [Snort-users] Snort 2.0 as a Windows Service?? Date: Tue, 22 Apr 2003 13:44:10 -0500 Run snort from the command prompt asC:\BIN\Snort>snort.exe -c "C:\BIN\Snort\snort.conf" -l "C:\BIN\Snort\log" -h10.0.1.0/24[Ip address sanitized] -i 1 -y What error are you getting from this?? -Russ > -----Original Message----- > From: kerberos K [mailto:kerberos_k () hotmail com] > Sent: Tuesday, April 22, 2003 1:19 PM > To: snort-users () lists sourceforge net > Subject: [Snort-users] Snort 2.0 as a Windows Service?? > > > > > I'm using the Snort 2.0 binary from both Snort.org and > Silicon Defense, I've > attempted to install Snort as a Win2K service. I've used both Snort > binaries on the same machine via a command line, and > everything appears to > have worked... > > When I install Snort as a service, the following output is generated: > > C:\BIN\Snort>snort.exe /SERVICE /INSTALL -c "C:\BIN\Snort\snort.conf" > - -l "C:\BIN\Snort\log" -h 10.0.1.0/24[Ip address sanitized] -i 1 -y > > [SNORT_SERVICE] Attempting to install the Snort service. > > [SNORT_SERVICE] The full path to the Snort binary appears to be: > C:\BIN\Snort\snort.exe /SERVICE > > [SNORT_SERVICE] Successfully added registry keys to: > \HKEY_LOCAL_MACHINE\SOFTWARE\Snort\ > > [SNORT_SERVICE] Successfully added the Snort service to the Services > database. > > > And when I "show" the service parameters, they appear as: > > C:\Snort\snort\bin>snort /service /show > > Snort is currently configured to run as a Windows service using the > following > command-line parameters: > > -c c:\snort\snort\etc\snort.conf -l c:\snort\snort\log > -h 10.0.1.0/24 > [Ip address sanitized]-i 1 -y > > However when I attempt to start the service via either > command line, or > through the services applet I get the following error: > > "C:\Snort\snort\bin>net start snort > The Snort service is starting. > The Snort service could not be started. > > A system error has occurred. > > System error 1067 has occurred. > > The process terminated unexpectedly." > > I previously had Snort 1.9.1 running as a service and > successfully logging > to a mysql database and ACID. This current issue happened > when I attempted > to upgrade from 1.9.1 to 2.0. > > I know this issue has come up several times in the past, I > just have not > seen a solution? Did I miss something? I'm searching through > the archive > messages now. I was just hoping maybe some could point me in > the right > direction... > > Thanks > > Brad > > > _________________________________________________________________ > The new MSN 8: smart spam protection and 2 months FREE* > http://join.msn.com/?page=features/junkmail > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Snort-users mailing list > Snort-users () lists sourceforge net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/listinfo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.php3?list=snort-users > --- > [This E-mail scanned for viruses by Declude Virus] > ---CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusiveand confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system. --- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.0 as a Windows Service?? kerberos K (Apr 22)
- RE: Snort 2.0 as a Windows Service?? Michael Steele (Apr 22)
- <Possible follow-ups>
- RE: Snort 2.0 as a Windows Service?? Uhte, Russ (Apr 22)
- RE: Snort 2.0 as a Windows Service?? kerberos K (Apr 22)
- RE: Snort 2.0 as a Windows Service?? Erek Adams (Apr 23)
- RE: Snort 2.0 as a Windows Service?? Michael Steele (Apr 23)
- RE: Snort 2.0 as a Windows Service?? Erek Adams (Apr 23)
- RE: Snort 2.0 as a Windows Service?? Erek Adams (Apr 23)
- RE: Snort 2.0 as a Windows Service?? Erek Adams (Apr 23)
- RE: Snort 2.0 as a Windows Service?? Michael Steele (Apr 23)