[Snort-users] snort-win32 service code!

Michael Davis mike at ...92...
Tue Oct 31 02:52:54 EST 2000


Hello,

    Well it is done. Service support has been added to
snort-1.6.3-patch2 and it works (rather well I might add ;)
    You can download the binary from:
http://www.datanerds.net/~mike/dev/snort-1.6.3-patch2-service.zip

    Right now there is only a binary available. If everyone says it
is working etc I will release it as the newest win32 version of
snort. THIS IS BETA. Furthermore, you must read the following before
it will work properly:

Snort Service FAQ:

1) You must use complete paths for everything. This means EVERYTHING.
Command line, configuration files, everything. Examples:
 All include statements must be full paths. I.E. 'include scan-lib'
is WRONG. 'include C:\snort\scan-lib' is CORRECT.
 All Command line options must be full paths. I.E. 'snort.exe -l
./log' is WRONG. 'snort.exe -l C:\snort\log' is CORRECT.

2) YOU MUST ALWAYS HAVE A LOGGING DIRECTORY SET VIA THE COMMAND
LINE(-l switch). If you do not set a logging directory the service
will not start and, on NT/Win2k,  your bootup will hang for about 4
minutes.

3) How to install the snort service.
 Run snort like you would via command line but add a '-I'. I.E.
'snort.exe -c snort-lib -l ./log -h 192.168.1.0/24 -s' turns into
'snort.exe -c C:\snort\snort-lib -l C:\snort\log -h 192.168.1.0/24 -s -I'
 YOU MUST USE COMPLETE PATHS FOR ALL FILES/DIRECTORIES.
 NOTE: You do NOT need to add the -D option to the command line when
you install the service. If -D is not there it will automatically be
added.
 
4) How to remove the snort service.
 Run 'snort -R'.

5) Does the Service run on 9x/ME?
 Yes. It uses a horrible hack to get it to work. Because of this when
you boot up you will see a black command prompt window for about 5
seconds before snort goes to the background. This service mode is
considered a horrible hack and probably will not work in every
situation.
 
6) What functions are supported by the NT service?
 Start and Stop currently. Pause and Resume will be implemented later
(Code already exists but not working properly).

Any questions, comments, flames please email me immediately at
mike at ...92...

Thanks,
Michael Davis
Chief Technical Officer
Data Nerds, LLC.
http://www.datanerds.net
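
A pre-install check for items 1 and 2 of the FAQ above, as an added example that is not part of the original post or of snort: it flags a missing -l option, relative -c/-l paths, and relative include lines. The function names and sample strings are constructed for illustration, and only -c and -l are treated as path options because those are the ones the post shows.

```python
import ntpath
import shlex

PATH_OPTIONS = ("-c", "-l")  # options the FAQ shows taking a file or directory


def check_command_line(cmdline):
    """Return a list of problems that would break the service install."""
    # posix=False keeps the backslashes in Windows paths intact
    args = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    problems = []
    for opt in PATH_OPTIONS:
        if opt not in args:
            if opt == "-l":  # FAQ item 2: the service will not start without it
                problems.append("no -l logging directory given")
            continue
        idx = args.index(opt)
        value = args[idx + 1] if idx + 1 < len(args) else ""
        if not ntpath.isabs(value):  # FAQ item 1: full paths only
            problems.append(f"{opt} path is not absolute: {value!r}")
    return problems


def check_includes(config_text):
    """Return (line_number, path) for each include that is not a full path."""
    bad = []
    for num, line in enumerate(config_text.splitlines(), start=1):
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "include":
            path = parts[1].strip().strip('"')
            if not ntpath.isabs(path):
                bad.append((num, path))
    return bad


# Constructed sample input, modelled on the FAQ's own WRONG/CORRECT examples
SAMPLE_BAD = r"snort.exe -c snort-lib -l ./log -h 192.168.1.0/24 -s -I"
SAMPLE_GOOD = r"snort.exe -c C:\snort\snort-lib -l C:\snort\log -h 192.168.1.0/24 -s -I"
SAMPLE_CONFIG = "include scan-lib\ninclude C:\\snort\\scan-lib\n"

if __name__ == "__main__":
    for cmd in (SAMPLE_BAD, SAMPLE_GOOD):
        print(cmd, "->", check_command_line(cmd) or "ok")
    print("relative includes:", check_includes(SAMPLE_CONFIG))
```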
