[Snort-users] snort-win32 service code!

Michael Davis mike at ...92...
Tue Oct 31 21:56:56 EST 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> What is the advantage of this patch instead of using SRVANY?

None other than this code has the 1.6.3-patch2 code in it. The reason
I put the service code into snort was because people requested it.  I
am currently looking at how to set the working directory for the
executable but no luck yet. You will be able to Pause/Resume the snort
service in the next release, which you cannot do with srvany.

You can continue to run srvany if you like. That was what I was
doing/telling people.

Michael Davis
Chief Technical Officer
Data Nerds, LLC.
http://www.datanerds.net

> Regards,
> Frank
> 
> 
> > -----Original Message-----
> > From: Michael Davis [mailto:mike at ...92...]
> > Sent: Tuesday, October 31, 2000 1:53 AM
>  
> > 
> > *** PGP Signature Status: good
> > *** Signer: Michael Davis <mike at ...92...> 
> > *** Signed: 10/31/00 1:52:50 AM
> > *** Verified: 10/31/00 10:31:56 AM
> > *** BEGIN PGP VERIFIED MESSAGE ***
> > 
> > Hello,
> > 
> >     Well it is done. Service support has been added to
> > snort-1.6.3-patch2 and it works (rather well I might add ;)
> >     You can download the binary from:
> > http://www.datanerds.net/~mike/dev/snort-1.6.3-patch2-service.zip
> > 
> >     Right now there is only a binary available. If everyone says
> > it is working etc I will release it as the newest win32 version
> > of snort. THIS IS BETA. Furthermore, you must read the following
> > before it will work properly:  
> > 
> > Snort Service FAQ:
> > 
> > 1) You must use complete paths for everything. This means
> > EVERYTHING. Command line, configuration files, everything.
> > Examples: 
> >  All include statements must be full paths. I.E. 'include
> > scan-lib' is WRONG. 'include C:\snort\scan-lib' is CORRECT.
> >  All Command line options must be full paths. I.E. 'snort.exe -l
> > ./log' is WRONG. 'snort.exe -l C:\snort\log' is CORRECT.
> > 
> > 2) YOU MUST ALWAYS HAVE A LOGGING DIRECTORY SET VIA THE COMMAND
> > LINE(-l switch). If you do not set a logging directory the
> > service will not start and, on NT/Win2k,  your bootup will hang
> > for about 4 minutes.
> > 
> > 3) How to install the snort service.
> >  Run snort like you would via command line but add a '-I'. I.E.
> > 'snort.exe -c snort-lib -l ./log -h 192.168.1.0/24 -s' turns into
> > 'snort.exe -c C:\snort\snort-lib -l C:\snort\log -h
> > 192.168.1.0/24 -s -I' 
> >  YOU MUST USE COMPLETE PATHS FOR ALL FILES/DIRECTORIES.
> >  NOTE: You do NOT need to add the -D option to the command line
> > when you install the service. If -D is not there it will
> > automatically be added. 
> >  
> > 4) How to remove the snort service.
> >  Run 'snort -R'.
> > 
> > 5) Does the Service run on 9x/ME?
> >  Yes. It uses a horrible hack to get it to work. Because of this
> > when you boot up you will see a black command prompt window for
> > about 5 seconds before snort goes to the background. This service
> > mode is considered a horrible hack and probably will not work in
> > every situation. 
> >  
> > 6) What functions are supported by the NT service?
> >  Start and Stop currently. Pause and Resume will be implemented
> > later (Code already exists but not working properly).  
> > 
> > Any questions, comments, flames please email me immediately at
> > mike at ...92...
> > 
> > Thanks,
> > Michael Davis
> > Chief Technical Officer
> > Data Nerds, LLC.
> > http://www.datanerds.net
> > 
> > 
> > *** END PGP VERIFIED MESSAGE ***

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOf+Gd/iUqZ9dnoKsEQI7AgCgwlA47XEF5YybosNOhlfuGgJIfEsAoKSB
29kY2rN7zgJg2zzJhiBDN1xC
=3DBa
-----END PGP SIGNATURE-----
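
The full-path and -l requirements from items 1 and 2 of the Snort Service FAQ quoted above, written as a check to run before installing with -I. This is an added example, not code from the original message or from snort; the function names are hypothetical, and only the -c and -l switches and the 'include' statement are taken from the FAQ.

```python
import re
import shlex
from pathlib import PureWindowsPath

# Path-taking switches that appear in the FAQ's example command lines.
PATH_FLAGS = ("-c", "-l")

def is_full_path(path):
    """True only for drive-qualified, rooted paths such as C:\\snort\\log."""
    return PureWindowsPath(path).is_absolute()

def check_command_line(cmdline):
    """Return a list of problems with a 'snort.exe ... -I' install command."""
    args = shlex.split(cmdline, posix=False)  # posix=False keeps backslashes
    values = {}
    for i, arg in enumerate(args):
        if arg in PATH_FLAGS and i + 1 < len(args):
            values[arg] = args[i + 1].strip('"')
    problems = []
    if "-l" not in values:
        problems.append("no logging directory set with -l (FAQ item 2)")
    for flag, path in values.items():
        if not is_full_path(path):
            problems.append(f"{flag} {path}: not a full path (FAQ item 1)")
    return problems

def check_includes(config_text):
    """Return a list of 'include' statements that are not full paths."""
    problems = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*include\s+(\S.*?)\s*$", line)
        if m and not is_full_path(m.group(1)):
            problems.append(f"line {n}: include {m.group(1)}: not a full path")
    return problems

if __name__ == "__main__":
    # Sample inputs built from the FAQ's own WRONG/CORRECT examples.
    wrong = r"snort.exe -c snort-lib -l ./log -h 192.168.1.0/24 -s -I"
    right = r"snort.exe -c C:\snort\snort-lib -l C:\snort\log -h 192.168.1.0/24 -s -I"
    config = "include scan-lib\ninclude C:\\snort\\scan-lib\n"
    for cmd in (wrong, right):
        print(cmd, "->", check_command_line(cmd) or "ok")
    print(check_includes(config))
```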
