[Snort-users] Running Snort as a service

Ian Campbell ianc at ...1500...
Thu Mar 15 16:37:43 EST 2001

Hi guys,

Michael, sorry for not reporting this. The error in the FAQ is the section
as follows:

<<You must use the SRVANY.EXE and INSTSRV.exe that come with the Windows
   NT/2000 Resource Kit.
   You first must install the SRVANY service. At a command prompt type:
   INSTSRV SrvAny <PATH TO RESKIT>\srvany.exe.
   Now you can install and configure the snort service.
   At a command prompt, type the following command:
   <path>\INSTSRV.EXE snort <path>\SRVANY.EXE
   where <path> is the drive and directory of the Windows NT Resource Kit
   (i.e., C:\RESKIT).>>

This implies that you must run INSTSRV twice, which is not the case. This
will actually install two services, one called 'SrvAny', and one called
'snort', one of which will be useless. The syntax <path>\INSTSRV.EXE snort
<path>\SRVANY.EXE is all that's required, and this will actually create a
service called snort for you.

You can then proceed to follow the balance of the instructions regarding the
creation of the Parameters key, then the addition of the Application and
AppParameters REG_SZ values. I did this, and it is correct, but it still
didn't work for me.

After glancing at the SRVANY docs that come with the reskit, they mention a
third REG_SZ value called AppDirectory that can be used to specify a path to
the working directory for the app. Once I added this, snort fired right up
on reboot or manually starting the service, so I'd suggest you add this last
step to the FAQ as well.

Snort seems to operate just fine under the 'LocalSystem' security context.


-----Original Message-----
From: agetchel at ...1525... [mailto:agetchel at ...1525...]
Sent: Thursday, March 15, 2001 8:57 AM
To: mike at ...92...; Ian Campbell
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Running Snort as a service

Hi Michael,
	FWIW, I set up Snort last night on my Win2k Pro laptop to run as a
service, followed the instructions in the FAQ to the letter, and it worked
perfectly.  I had a problem with the context the service was running in
because I was writing the logs to an EFS encrypted directory, but that's
just my own bone-headed mistake... which was resolved by running it under a
user who had access to the crypto keys.


Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel at ...1525...
Web     http://www.kde.state.ky.us/

> -----Original Message-----
> From: Michael Davis [mailto:mike at ...92...]
> Sent: Thursday, March 15, 2001 11:29 AM
> To: Ian Campbell
> Cc: 'snort-users at lists.sourceforge.net'
> Subject: Re: [Snort-users] Running Snort as a service
> > followed the docs that came with it (those in the win32_faq.txt file
> > are incorrect).
> I wish people would report problems like this.
> I followed the instructions and it worked for me. Let me try and
> duplicate it again and see if I need to fix the FAQ.
> Thanks,
> Michael Davis
> Chief Technical Officer
> Data Nerds, LLC.
> http://www.datanerds.net

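Added example, not part of the original thread or of the Snort FAQ: a PowerShell sketch of the setup the top message describes, with a single INSTSRV call, the three SRVANY values under the service's Parameters key, and a check for a leftover 'SrvAny' service and for the account the service runs as. The Snort directory, the Snort command-line options and the variable names are assumptions; C:\RESKIT is the FAQ's own example path.

```powershell
# Added example; run from an elevated prompt. Paths are assumptions, adjust them.
$ResKit   = 'C:\RESKIT'     # Resource Kit directory (the FAQ's example path)
$SnortDir = 'C:\snort'      # assumed Snort install directory
$Service  = 'snort'
$ParamKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Service\Parameters"

# One INSTSRV call only: it creates the 'snort' service with SRVANY.EXE as its binary.
if (-not (Get-Service -Name $Service -ErrorAction SilentlyContinue)) {
    & "$ResKit\INSTSRV.EXE" $Service "$ResKit\SRVANY.EXE"
}
if (-not (Get-Service -Name $Service -ErrorAction SilentlyContinue)) {
    throw "Service '$Service' was not created"
}

# A service named 'SrvAny' is the useless extra left by running INSTSRV twice.
if (Get-Service -Name 'SrvAny' -ErrorAction SilentlyContinue) {
    Write-Warning "A separate 'SrvAny' service exists; it is not needed for Snort."
}

# SRVANY reads what to launch from the service's Parameters key.
if (-not (Test-Path $ParamKey)) { New-Item -Path $ParamKey -Force | Out-Null }
$values = @{
    Application   = "$SnortDir\snort.exe"
    AppParameters = "-c $SnortDir\snort.conf -l $SnortDir\log"  # assumed options
    AppDirectory  = $SnortDir   # working directory: the value the thread adds
}
foreach ($name in $values.Keys) {
    New-ItemProperty -Path $ParamKey -Name $name -Value $values[$name] `
        -PropertyType String -Force | Out-Null
}

# Verify that all three REG_SZ values exist and the target binary is present.
$missing = 'Application', 'AppParameters', 'AppDirectory' | Where-Object {
    -not (Get-ItemProperty -Path $ParamKey -Name $_ -ErrorAction SilentlyContinue)
}
if ($missing) { throw "Missing SRVANY values: $($missing -join ', ')" }
if (-not (Test-Path $values.Application)) {
    Write-Warning "Application path not found: $($values.Application)"
}

# Show the account the service runs as; that account needs access to the log
# directory (the EFS problem mentioned in the thread was a service-context issue).
Get-CimInstance Win32_Service -Filter "Name='$Service'" |
    Select-Object Name, StartName, PathName, State
```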