Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Corrupt Snort Logging - Win32 Terminal Server 2000

From: John Tapparo <jttdi () yahoo com>
Date: Thu, 4 Dec 2003 06:25:28 -0800 (PST)
It really looks like you have multiple invocations of
snort running to the same log file (intermingled log
entries, unable to delete the exec).  It looks like
you have checked this.  One other thing to check is,
is the Snort install shared out and running on another
machine?  With your daytime problem, did something get
into someone's startup group?  Or is terminal services
starting it for each user that logs in for some reason
(it's flagged as some sort of login service rather
than system service?) (I don't know much about
terminal services or Snort on Win32).

--- Jim Robinson <jim () linux-sp com> wrote:

Michael,

Try this for strange.  I tried stopping snort,
uninstalling it and it
failed to delete the executable.  I manually tried
to delete it and it
said that it was in use.  I checked this and no
process seemed to have a
lock on on it - I even used Active Ports to see if
anything had failed
and was still using it via a socket and nothing.  I
could rename it
though.....?  Anyway, I reinstalled it and it
complained about Winpcap
so I uninstalled everything and then reinstalled
everything and still no
joy.  Finally I reinstalled Winpcap one more time
over the top and snort
decided to start again - with the same logging
errors!

The server is less than a year old and has more than
512mb of RAM I am
sure (not my server).  I have not tried changing any
components yet and
it logs to a test file only.  Pretty simple install
really.  Just a note
it will run just fine during the night time it's
during the day that it
seems to go crazy.  I'm still lost on this one!

:)

Jim




__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/


-------------------------------------------------------
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: