[Snort-users] Running Snort as a service
mike at ...92...
Thu Mar 15 22:27:58 EST 2001
Thanks for reporting it. I will update the FAQ for the next release.
Chief Technical Officer
Data Nerds, LLC.
----- Original Message -----
From: "Ian Campbell" <ianc at ...1500...>
To: <agetchel at ...1525...>; <mike at ...92...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, March 15, 2001 3:37 PM
Subject: RE: [Snort-users] Running Snort as a service
> Hi guys,
> Michael, sorry for not reporting this. The error in the FAQ is the
> section as follows:
> <<You must use the SRVANY.EXE and INSTSRV.exe that come with the
> NT/2000 Resource Kit.
> You first must install the SRVANY service. At a command prompt
> INSTSRV SrvAny <PATH TO RESKIT>\srvany.exe.
> Now you can install and configure the snort service.
> At a command prompt, type the following command:
> <path>\INSTSRV.EXE snort <path>\SRVANY.EXE
> where <path> is the drive and directory of the Windows NT
> Resource Kit
> (i.e., C:\RESKIT).>>
> This implies that you must run INSTSRV twice, which is not the
> case. This will actually install two services, one called 'SrvAny',
> and one called 'snort', one of which will be useless. The syntax
> <path>\INSTSRV.EXE snort <path>\SRVANY.EXE is all that's required,
> and this will actually create a service called snort for you.
> You can then proceed to follow the balance of the instructions
> regarding the creation of the Parameters key, then the addition of
> the Application and AppParameters REG_SZ values. I did this, and it
> is correct, but it still didn't work for me.
> After glancing at the SRVANY docs that come with the reskit, they
> mention a third REG_SZ value called AppDirectory that can be used
> to specify a path to the working directory for the app. Once I
> added this, snort fired right up on reboot or manually starting the
> service, so I'd suggest you add this last step to the FAQ as well.
> Snort seems to operate just fine under the 'LocalSystem' security
> context. HTH,
> -----Original Message-----
> From: agetchel at ...1525... [mailto:agetchel at ...1525...]
> Sent: Thursday, March 15, 2001 8:57 AM
> To: mike at ...92...; Ian Campbell
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Running Snort as a service
> Hi Michael,
> FWIW, I set up Snort last night on my Win2k Pro laptop to run as a
> service, followed the instructions in the FAQ to the letter, and it
> worked perfectly. I had a problem with the context the service was
> running in because I was writing the logs to an EFS encrypted
> directory, but that's just my own bone-headed mistake... which was
> resolved by running it under a user who had access to the crypto
> Abe L. Getchell - Security Engineer
> Division of System Support Services
> Kentucky Department of Education
> Voice 502-564-2020x225
> E-mail agetchel at ...1525...
> Web http://www.kde.state.ky.us/
> > -----Original Message-----
> > From: Michael Davis [mailto:mike at ...92...]
> > Sent: Thursday, March 15, 2001 11:29 AM
> > To: Ian Campbell
> > Cc: 'snort-users at lists.sourceforge.net'
> > Subject: Re: [Snort-users] Running Snort as a service
> > > followed the docs that came with it (those in the win32_faq.txt
> > > file are incorrect).
> > I wish people would report problems like this.
> > I followed the instructions and it worked for me. Let me try
> > and duplicate it again and see if I need to fix the FAQ.
> > Thanks,
> > Michael Davis
> > Chief Technical Officer
> > Data Nerds, LLC.
> > http://www.datanerds.net
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
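The corrected procedure from Ian Campbell's message (one INSTSRV call, then the Parameters key with Application, AppParameters and AppDirectory), written out as an added example that is not part of the original thread or the Snort FAQ. The Resource Kit and Snort paths and the Snort arguments are constructed assumptions; the Parameters key location is the one SRVANY reads for a service it hosts.

```powershell
# Added example; run from an elevated prompt.
# Assumed (not from the thread): Resource Kit in C:\RESKIT, Snort in C:\snort,
# and the Snort arguments used for AppParameters.
$resKit   = 'C:\RESKIT'
$snortDir = 'C:\snort'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$params   = "$svcRoot\snort\Parameters"

# One INSTSRV call is enough: it creates the 'snort' service with
# SRVANY.EXE as the service binary.
if (-not (Test-Path "$svcRoot\snort")) {
    & "$resKit\INSTSRV.EXE" snort "$resKit\SRVANY.EXE"
}

# SRVANY reads the program it should launch from the Parameters key.
if (-not (Test-Path $params)) { New-Item -Path $params | Out-Null }
$wanted = [ordered]@{
    Application   = "$snortDir\snort.exe"
    AppParameters = "-c $snortDir\snort.conf -l $snortDir\log"
    AppDirectory  = $snortDir   # working directory; the value the FAQ left out
}
foreach ($name in $wanted.Keys) {
    New-ItemProperty -Path $params -Name $name -Value $wanted[$name] `
        -PropertyType String -Force | Out-Null
}

# Check the result against the points raised in the thread.
$problems = @()
$svc = Get-ItemProperty -Path "$svcRoot\snort"
if ($svc.ImagePath -notmatch 'srvany\.exe') {
    $problems += "ImagePath is not SRVANY.EXE: $($svc.ImagePath)"
}
$set = Get-ItemProperty -Path $params
foreach ($name in $wanted.Keys) {
    if (-not $set.$name) { $problems += "Missing REG_SZ value: $name" }
}
if ($set.AppDirectory -and -not (Test-Path $set.AppDirectory -PathType Container)) {
    $problems += "AppDirectory does not exist: $($set.AppDirectory)"
}
if (Test-Path "$svcRoot\SrvAny") {
    # Left behind by the FAQ's extra 'INSTSRV SrvAny ...' step.
    $problems += "Redundant 'SrvAny' service is installed"
}

"Service account: $($svc.ObjectName)"
if ($problems) { $problems } else { 'snort service configuration is complete' }
```

The account line matters for the case Abe describes: a service running as LocalSystem cannot write logs into a directory encrypted with another user's EFS key.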