RE: ghosting a snort server???

["Jordan, Jason A" <Jason.Jordan () Honeywell com>]

Disclaimer: I am making a presumption that this is snort on Windows not Linux.

 

Did you check the account name that the service is running under?  Prior to imaging the original system, did you run the
prep routines on the system (I believe its sysprep).  If it's a Windows 2000/XP/2003 type of system the service accounts
and system account information can get mangled during ghosting (i.e. some type of SID conflict).  I'd recommend going
into the Services applet, go into the Snort properties, and verify the credentials it runs under.  Even better, manually
re-select the account (local/domain) and password which Snort will use as its running context.

 

You should be able to run snort from the command line and the help files describe the switches.  

 

Let me know if any of that helps.

 

Jason Jordan

 

 

  _____  

From: Pat Delaney [mailto:Pat.Delaney () inewsroom com] 
Sent: Saturday, April 03, 2004 10:26 AM
To: snort-users () lists sourceforge net.
Subject: [Snort-users] ghosting a snort server???

 

Rather that reinstall SNORT on another PC from scratch, I cloned the disk, and restored the image to another PC. The
snort service seems to keep failing to start.

 

My question is:

 Is there something keyed in the database to the original host name of the orginal server?

 

How can I start the snort service up in a debugging mode to see why it never starts and stays running?

 

Pat