Snort
mailing list archives
[no subject]
snort /SERVICE /SHOW
Make sure the parameters are correct and you can cut and paste to this next
test.
Run snort from a shell and use the FULL command line and tag a -T on the
end.
Example: snort -c <full path>\snort.conf -l <full path>\log -i1 -T
You should see the error. Also check the Event Log under Application for any
errors Snort may have generated.
Cheers...
-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
_____
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Sean Lazar
Sent: Saturday, August 23, 2003 7:27 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] RE: Win32 Snort as a service: Error 1067
I modified the install to my specs. I followed the guide
http://www.silicondefense.com/support/windows/winsnortdocs/winsnarfiis.php
but I changed the service install command. I only have one partition (no D
drive) and didn't want to run IIS.
I wanted to share my experiences with how I got the error 1067, and what I
did to change it.
The command:
snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1
will give an error 1067 when you try to start the service.
The command:
snort /service /install -l C:\snort\log
works better and does not give the error. I think that the -c paramater is
the culprit.
It looks like the snort found on your website
http://www.silicondefense.com/support/windows/files/snort200/Snort_201_Build
88_Installer.exe and the one found on the snort page
http://www.snort.org/dl/binaries/win32/snort-2_0_1.exe are probably the same
because they have the same file size.
Hope that clarifies things.
Sean
----- Original Message -----
From: Michael <mailto:michaels () winsnort com> Steele
To: snort-users () lists sourceforge net
Sent: Saturday, August 23, 2003 3:35 PM
Subject: RE: [Snort-users] RE: Win32 Snort as a service: Error 1067
Sean,
This is confusing.
Did you follow the guide exactly as it instructed, or did you modify the
install to your specs?
Cheers...
-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
_____
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Sean Lazar
Sent: Saturday, August 23, 2003 2:10 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] RE: Win32 Snort as a service: Error 1067
Hi I wanted to share my experiences with Snort on Windows, and the error
1067 when I used it as a service. I have a windows xp machine and have
installed the 2.0.1 win32 binary off the snort.org website. Winpcap 3.0.0
installed. Easy install and I just went for it and I got it to run as a
service with the commands:
C:\>cd C:\snort\bin
C:\>snort /service /install -l C:\snort\log
no problems there. The service starts and stops beautifully. But then I
tried following Silicon Defense's guide and that's when I got the 1026
error:
http://www.silicondefense.com/support/windows/winsnortdocs/winsnarfiis.php
Michael uses the command: snort /SERVICE /INSTALL -c
d:\applications\snort\etc\snort.conf -l c:\Inetpub\wwwroot\log -ix
I modified that (only one partition and no iis).
snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1
At that point when you try to start the service it stops and gives you an
error 1067.
Hope that helps confused people. Note I didn't download snort off of
www.silicondefense.com. Perhaps it is a slightly different build w/ fixes.
Sean
------=_NextPart_000_0017_01C369CE.7D8B5A90
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.emailstyle17
{font-family:Arial;
color:navy;}
span.EmailStyle19
{font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dblue>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Ok, so you didn’t want to =
install
IIS so did you follow the guide for Apache?</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>This problem is only specific to =
your
install and is something that is not a general =
problem.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>You MUST specify a snort.conf file =
using
the -c switch, and all the necessary paths MUST be specified in that =
file. Go
back and check this out.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Look in your event viewer under
application for any errors that Snort may have =
generated.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>To start over:</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Remove the service: snort /SERVICE =
/UNINSTALL</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Note: You may need a =
reboot</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Make SURE you have properly edited =
your
snort.conf</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Now CD to the snort\bin folder and =
install
the service: snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l =
c:\snort\log
-i1 </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Try running Snort using the service =
again
and see if it is operating properly.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>To do this, go into services and go =
down
the list to the ‘snort’ entry, right click on the snort =
entry and select
start.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>If Snort still failed =
then:</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>From the shell CD to your snort\bin =
folder
and type:</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>snort /SERVICE =
/SHOW</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Make sure the parameters are =
correct and
you can cut and paste to this next test.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Run snort from a shell and use the =
FULL
command line and tag a -T on the end.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Example: snort -c <full =
path>\snort.conf
-l <full path>\log -i1 -T</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>You should see the error. Also =
check the
Event Log under Application for any errors Snort may have =
generated.</span></font></p>
<div>
<p style=3D'margin-bottom:12.0pt'><font size=3D2 color=3Dnavy =
face=3D"Times New Roman"><span
style=3D'font-size:10.0pt;color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
System Engineer / Security Support =
Technician <br>
<a =
href=3D"mailto:michaels () winsnort com">mailto:michaels () winsnort com</a>&nb=
sp; <br>
Website: <a =
href=3D"http://www.winsnort.com">http://www.winsnort.com</a><br>
Snort: Open Source Network IDS - <a =
href=3D"http://www.snort.org">http://www.snort.org</a></span></font></p>
</div>
<div>
<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>
<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>
</span></font></div>
<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'>
snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] <b><span =
style=3D'font-weight:
bold'>On Behalf Of </span></b>Sean Lazar<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Saturday, August =
23, 2003
7:27 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
snort-users () lists sourceforge net<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Re: =
[Snort-users] RE:
Win32 Snort as a service: Error 1067</span></font></p>
</div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I modified the install to my specs. I followed the =
guide <a
href=3D"http://www.silicondefense.com/support/windows/winsnortdocs/winsna=
rfiis.php">http://www.silicondefense.com/support/windows/winsnortdocs/win=
snarfiis.php</a> but
I changed the service install command. I only have one partition (no D =
drive)
and didn't want to run IIS.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I wanted to share my experiences with how I got the =
error
1067, and what I did to change it.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>The command:</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l
c:\snort\log -i1</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>will give an error 1067 when you try to start the =
service.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>The command:</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>snort /service /install -l =
C:\snort\log</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>works better and does not give the error. I think =
that the
-c paramater is the culprit.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>It looks like the snort found on your website <a
href=3D"http://www.silicondefense.com/support/windows/files/snort200/Snor=
t_201_Build88_Installer.exe">http://www.silicondefense.com/support/window=
s/files/snort200/Snort_201_Build88_Installer.exe</a> and
the one found on the snort page <a
href=3D"http://www.snort.org/dl/binaries/win32/snort-2_0_1.exe">http://ww=
w.snort.org/dl/binaries/win32/snort-2_0_1.exe</a> are
probably the same because they have the same file =
size.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Hope that clarifies things.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Sean</span></font></p>
</div>
<blockquote style=3D'border:none;border-left:solid black =
1.5pt;padding:0in 0in 0in 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'=
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>----- Original Message ----- </span></font></p>
</div>
<div style=3D'font-color:black'>
<p class=3DMsoNormal style=3D'background:#E4E4E4'><b><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;font-weight:bold'>From:</span=
</font></b><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'> <a
href=3D"mailto:michaels () winsnort com" =
title=3D"michaels () winsnort com">Michael
Steele</a> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>To:</span></font></b><font size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'> <a
href=3D"mailto:snort-users () lists sourceforge net"
title=3D"snort-users () lists sourceforge net">snort-users@lists.sourceforge=
.net</a>
</span></font></p>
</div>
<div>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Sent:</span></font></b><font =
size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'> =
Saturday, August
23, 2003 3:35 PM</span></font></p>
</div>
<div>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Subject:</span></font></b><font =
size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'> RE: =
[Snort-users]
RE: Win32 Snort as a service: Error 1067</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Sean,</span></font></p>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>This is =
confusing.</span></font></p>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Did you follow the guide exactly as =
it
instructed, or did you modify the install to your =
specs?</span></font></p>
<div>
<p style=3D'margin-bottom:12.0pt'><font size=3D2 color=3Dnavy =
face=3D"Times New Roman"><span
style=3D'font-size:10.0pt;color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
System Engineer / Security Support =
Technician <br>
<a =
href=3D"mailto:michaels () winsnort com">mailto:michaels () winsnort com</a>&nb=
sp; <br>
Website: <a =
href=3D"http://www.winsnort.com">http://www.winsnort.com</a><br>
Snort: Open Source Network IDS - <a =
href=3D"http://www.snort.org">http://www.snort.org</a></span></font></p>
</div>
<div>
<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>
<hr size=3D2 width=3D"100%" align=3Dcenter tabIndex=3D-1>
</span></font></div>
<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> <a
href=3D"mailto:snort-users-admin () lists sourceforge net">snort-users-admin=
@lists.sourceforge.net</a>
[mailto:snort-users-admin () lists sourceforge net] <b><span =
style=3D'font-weight:
bold'>On Behalf Of </span></b>Sean Lazar<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Saturday, August =
23, 2003
2:10 AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
snort-users () lists sourceforge net<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> [Snort-users] =
RE: Win32
Snort as a service: Error 1067</span></font></p>
</div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Hi I wanted to share my experiences with Snort on =
Windows,
and the error 1067 when I used it as a service. I have a windows xp =
machine and
have installed the 2.0.1 win32 binary off the snort.org website. Winpcap =
3.0.0
installed. Easy install and I just went for it and I got it to run as a =
service
with the commands:</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>C:\>cd C:\snort\bin</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>C:\>snort /service /install -l =
C:\snort\log</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>no problems there. The service starts and stops =
beautifully.
But then I tried following Silicon Defense's guide and that's when I got =
the
1026 error:</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><a
href=3D"http://www.silicondefense.com/support/windows/winsnortdocs/winsna=
rfiis.php">http://www.silicondefense.com/support/windows/winsnortdocs/win=
snarfiis.php</a></span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Michael uses the command: snort /SERVICE /INSTALL -c
d:\applications\snort\etc\snort.conf -l c:\Inetpub\wwwroot\log =
-ix</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I modified that (only one partition and no =
iis).</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l
c:\snort\log -i1</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>At that point when you try to start the service it =
stops and
gives you an error 1067.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Hope that helps confused people. Note I didn't =
download
snort off of <a =
href=3D"http://www.silicondefense.com">www.silicondefense.com</a>.
Perhaps it is a slightly different build w/ fixes.</span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Sean</span></font></p>
</div>
</blockquote>
</div>
</body>
</html>
------=_NextPart_000_0017_01C369CE.7D8B5A90--
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [no subject] Unknown (Feb 04)