Snort mailing list archives
RE: Corrupt Snort Logging - Win32 Terminal Server2000
From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 4 Dec 2003 08:48:45 -0800
For some reason Server locks Snort.exe from deletion. After uninstall you will need to reboot to get windows to unlock the file and then you can delete. To get around rebooting, just rename the Snort folder and let the new installation create a new one. Move whatever files you need into the newly created Snort folder from the old snort folder. You really don't need uninstall, just stop snort, rename the folder to something else then install the new version of snort. This way you won't have to recreate the service. Just move your old snort.conf and whatever else from the old installation to the new snort install and restart Snort. Make SURE that you remove WinPcap completely before installing a new version. Note: If you are running Terminal Services under Windows 2000 Server or Advanced Server, you MUST install MySQL from the Add/Remove panel. You can also type from a command window "change user /install" and after you install MySQL type from a command window "change user /execute". You should do this with every install that has an installer. Cheers... -The WINSNORT.com Management Team -- Pick up your FREE Windows or UNIX Snort installation guides mailto:support () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org
-----Original Message----- From: Jim Robinson [mailto:jim () linux-sp com] Sent: Thursday, December 04, 2003 5:28 AM To: Michael Steele Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] Corrupt Snort Logging - Win32 Terminal Server2000 Michael, Try this for strange. I tried stopping snort, uninstalling it and it failed to delete the executable. I manually tried to delete it and it said that it was in use. I checked this and no process seemed to have a lock on on it - I even used Active Ports to see if anything had failed and was still using it via a socket and nothing. I could rename it though.....? Anyway, I reinstalled it and it complained about Winpcap so I uninstalled everything and then reinstalled everything and still no joy. Finally I reinstalled Winpcap one more time over the top and snort decided to start again - with the same logging errors! The server is less than a year old and has more than 512mb of RAM I am sure (not my server). I have not tried changing any components yet and it logs to a test file only. Pretty simple install really. Just a note it will run just fine during the night time it's during the day that it seems to go crazy. I'm still lost on this one! :) Jim On Thu, 2003-12-04 at 00:03, Michael Steele wrote:That's bazaar... Have you tried rebooting? I know you hate too, It'sbeen214 days without a reboot on mine, not a record yet but getting there.Howmuch memory do you have? When did this start to happen? Was any changesmadejust before it started to do this? Have you restarted the database? Haveyoutried to start the log over? Have you updated your NIC drivers? Have you tried to switch out your memory modules? Have you tried to switch outyourNIC? Have you..... :) Cheers... -The WINSNORT.com Management Team
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Corrupt Snort Logging - Win32 Terminal Server 2000 Jim Robinson (Dec 03)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Michael Steele (Dec 03)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Jim Robinson (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 John Tapparo (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server2000 Michael Steele (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Jim Robinson (Dec 04)
- RE: Corrupt Snort Logging - Win32 Terminal Server 2000 Michael Steele (Dec 03)