[Snort-users] snort-win32 service code!
mike at ...92...
Tue Oct 31 21:56:56 EST 2000
-----BEGIN PGP SIGNED MESSAGE-----
> What is the advantage of this patch instead of using SRVANY?
None other then this code has the 1.6.3-patch2 code in it. The reason
I put the service code into snort was because people requested it. I
am currently looking how to set the working directory for the
exectable but no luck yet. You will be able to Pause/Resume the snort
service in the next release, which you cannot do with srvany.
You can continue to run srvany if you like. That was what I was
Chief Technical Officer
Data Nerds, LLC.
> > -----Original Message-----
> > From: Michael Davis [mailto:mike at ...92...]
> > Sent: Tuesday, October 31, 2000 1:53 AM
> > *** PGP Signature Status: good
> > *** Signer: Michael Davis <mike at ...92...>
> > *** Signed: 10/31/00 1:52:50 AM
> > *** Verified: 10/31/00 10:31:56 AM
> > *** BEGIN PGP VERIFIED MESSAGE ***
> > Hello,
> > Well it is done. Service support has been added to
> > snort-1.6.3-patch2 and it works (rather well I might add ;)
> > You can download the binary from:
> > http://www.datanerds.net/~mike/dev/snort-1.6.3-patch2-service.zip
> > Right now there is only a binary available. If everyone says
> > it is working etc I will release it as the newest win32 version
> > of snort. THIS IS BETA. Furthermore, you must read the following
> > before it will work properly:
> > Snort Service FAQ:
> > 1) Use must use complete paths for everything. This means
> > EVERYTHING. Command line, configuration files, everything.
> > Examples:
> > All include statements must be full paths. I.E. 'include
> > scan-lib' is WRONG. 'include C:\snort\scan-lib' is CORRECT.
> > All Command line options must be full paths. I.E. 'snort.exe -l
> > ./log' is WRONG. 'snort.exe -l C:\snort\log' is CORRECT.
> > 2) YOU MUST ALWAYS HAVE A LOGGING DIRECTORY SET VIA THE COMMAND
> > LINE(-l switch). If you do not set a logging directory the
> > service will not start and, on NT/Win2k, your bootup will hang
> > for about 4 minutes.
> > 3) How to install the snort service.
> > Run snort like you would via command line but add a '-I'. I.E.
> > 'snort.exe -c snort-lib -l ./log -h 192.168.1.0/24 -s' turns into
> > 'snort.exe -c C:\snort\snort-lib -l C:\snort\log -h
> > 192.168.1.0/24 -s -I'
> > YOU MUST USE COMPLETE PATHS FOR ALL FILES/DIRECTORIES.
> > NOTE: You do NOT need to add the -D option to the command line
> > when you install the service. If -D is not there it will
> > automatically be added.
> > 4) How to remove the snort service.
> > Run 'snort -R'.
> > 5) Does the Service run on 9x/ME.
> > Yes. It uses a horrible hack to get it to work. Because of this
> > when you boot up you will see a black command prompt window for
> > about 5 seconds before snort goes to the background. This service
> > mode is considered a horrible hack and probably will not work in
> > every situation.
> > 6) What functions are support by the NT service.
> > Start and Stop currently. Pause and Resume will be implemented
> > later (Code already exists but not working properly).
> > Any questions, comments, flames please email me immediately at
> > mike at ...92...
> > Thanks,
> > Michael Davis
> > Chief Technical Officer
> > Data Nerds, LLC.
> > http://www.datanerds.net
> > *** END PGP VERIFIED MESSAGE ***
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.5.1
> Comment: PGP or S/MIME encrypted email preferred.
> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
More information about the Snort-users