Snort mailing list archives
RE: Corrupt Snort Logging - Win32 Terminal Server 2000
From: John Tapparo <jttdi () yahoo com>
Date: Thu, 4 Dec 2003 06:25:28 -0800 (PST)
It really looks like you have multiple invocations of snort running to the same log file (intermingled log entries, unable to delete the exec). It looks like you have checked this. One other thing to check is, is the Snort install shared out and running on another machine? With your daytime problem, did something get into someone's startup group? Or is terminal services starting it for each user that logs in for some reason (it's flagged as some sort of login service rather than system service?) (I don't know much about terminal services or Snort on Win32). --- Jim Robinson <jim () linux-sp com> wrote:
Michael, Try this for strange. I tried stopping snort, uninstalling it and it failed to delete the executable. I manually tried to delete it and it said that it was in use. I checked this and no process seemed to have a lock on on it - I even used Active Ports to see if anything had failed and was still using it via a socket and nothing. I could rename it though.....? Anyway, I reinstalled it and it complained about Winpcap so I uninstalled everything and then reinstalled everything and still no joy. Finally I reinstalled Winpcap one more time over the top and snort decided to start again - with the same logging errors! The server is less than a year old and has more than 512mb of RAM I am sure (not my server). I have not tried changing any components yet and it logs to a test file only. Pretty simple install really. Just a note it will run just fine during the night time it's during the day that it seems to go crazy. I'm still lost on this one! :) Jim
__________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ ------------------------------------------------------- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Corrupt Snort Logging - Win32 Terminal Server 2000 Jim Robinson (Dec 03)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Michael Steele (Dec 03)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Jim Robinson (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 John Tapparo (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server2000 Michael Steele (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Jim Robinson (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Michael Steele (Dec 03)