[Snort-users] Running Snort as a service

Michael Davis mike at ...92...
Thu Mar 15 22:27:58 EST 2001


Thanks for reporting it. I will update the FAQ for the next release.

Michael Davis
Chief Technical Officer
Data Nerds, LLC.
http://www.datanerds.net
----- Original Message -----
From: "Ian Campbell" <ianc at ...1500...>
To: <agetchel at ...1525...>; <mike at ...92...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, March 15, 2001 3:37 PM
Subject: RE: [Snort-users] Running Snort as a service


> Hi guys,
> 
> Michael, sorry for not reporting this. The error in the FAQ is the
> section as follows:
> 
> <<You must use the SRVANY.EXE and INSTSRV.exe that come with the
>    Windows NT/2000 Resource Kit.
>    
>    You first must install the SRVANY service. At a command prompt type:
>    INSTSRV SrvAny <PATH TO RESKIT>\srvany.exe.
>    
>    Now you can install and configure the snort service.
>    
>    At a command prompt, type the following command:
>    <path>\INSTSRV.EXE snort <path>\SRVANY.EXE
>    where <path> is the drive and directory of the Windows NT Resource Kit
>    (i.e., C:\RESKIT).>>
> 
> This implies that you must run INSTSRV twice, which is not the
> case. This will actually install two services, one called 'SrvAny',
> and one called 'snort', one of which will be useless. The syntax
> <path>\INSTSRV.EXE snort <path>\SRVANY.EXE is all that's required,
> and this will actually create a service called snort for you.
> 
> You can then proceed to follow the balance of the instructions
> regarding the creation of the Parameters key, then the addition of
> the Application and AppParameters REG_SZ values. I did this, and it
> is correct, but it still didn't work for me.
> 
> After glancing at the SRVANY docs that come with the reskit, they
> mention a third REG_SZ value called AppDirectory that can be used
> to specify a path to the working directory for the app. Once I
> added this, snort fired right up on reboot or manually starting the
> service, so I'd suggest you add this last step to the FAQ as well.
> 
> Snort seems to operate just fine under the 'LocalSystem' security
> context. HTH,
> 
> Ian 
> 
> -----Original Message-----
> From: agetchel at ...1525... [mailto:agetchel at ...1525...]
> Sent: Thursday, March 15, 2001 8:57 AM
> To: mike at ...92...; Ian Campbell
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Running Snort as a service
> 
> 
> Hi Michael,
> FWIW, I set up Snort last night on my Win2k Pro laptop to run as a
> service, followed the instructions in the FAQ to the letter, and it
> worked perfectly.  I had a problem with the context the service was
> running in because I was writing the logs to an EFS encrypted
> directory, but that's just my own bone-headed mistake... which was
> resolved by running it under a user who had access to the crypto
> keys.
> 
> Thanks,
> Abe
> 
> Abe L. Getchell - Security Engineer
> Division of System Support Services
> Kentucky Department of Education
> Voice   502-564-2020x225
> E-mail  agetchel at ...1525...
> Web     http://www.kde.state.ky.us/
> 
> 
> 
> > -----Original Message-----
> > From: Michael Davis [mailto:mike at ...92...]
> > Sent: Thursday, March 15, 2001 11:29 AM
> > To: Ian Campbell
> > Cc: 'snort-users at lists.sourceforge.net'
> > Subject: Re: [Snort-users] Running Snort as a service
> > 
> > 
> > > followed the docs that came with it (those in the win32_faq.txt
> > > file are incorrect).
> > 
> > I wish people would report problems like this.
> > 
> > I followed the instructions and it worked for me. Let me try
> > and duplicate it again and see if I need to fix the FAQ.
> > 
> > Thanks,
> > Michael Davis
> > Chief Technical Officer
> > Data Nerds, LLC.
> > http://www.datanerds.net
> > 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > 
> 

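The corrected procedure described in this thread (a single INSTSRV call, then the Application, AppParameters and AppDirectory values under the service's Parameters key), written as a PowerShell script with a verification pass. This is an added example, not part of the original messages or the Snort FAQ; the Snort directory, file names and command-line options are assumptions, and it must be run from an elevated prompt.

```powershell
# Assumed locations: adjust to the local install.
$ResKit   = 'C:\RESKIT'   # Resource Kit directory (the FAQ's own example path)
$SnortDir = 'C:\snort'    # assumption: where snort.exe and snort.conf live
$SvcName  = 'snort'
$SvcKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\$SvcName"
$ParamKey = "$SvcKey\Parameters"

# 1. One INSTSRV call is enough: it creates the 'snort' service backed by SRVANY.EXE.
#    (Running INSTSRV a second time for 'SrvAny' only adds a useless extra service.)
& "$ResKit\INSTSRV.EXE" $SvcName "$ResKit\SRVANY.EXE"
if (-not (Test-Path $SvcKey)) { throw "Service key $SvcKey was not created" }

# 2. SRVANY reads what to launch from REG_SZ values under the Parameters key.
New-Item -Path $ParamKey -Force | Out-Null
$Values = @{
    Application   = "$SnortDir\snort.exe"
    AppParameters = "-c $SnortDir\snort.conf -l $SnortDir\log"  # assumed options
    AppDirectory  = $SnortDir   # working directory: the value the FAQ did not mention
}
foreach ($Name in $Values.Keys) {
    New-ItemProperty -Path $ParamKey -Name $Name -Value $Values[$Name] `
        -PropertyType String -Force | Out-Null
}

# 3. Verify before the first start: all three values present, and the paths exist.
$Set = Get-ItemProperty -Path $ParamKey
foreach ($Name in 'Application', 'AppParameters', 'AppDirectory') {
    if (-not $Set.$Name) { throw "Missing REG_SZ value: $Name" }
}
if (-not (Test-Path $Set.Application -PathType Leaf)) {
    throw "Application does not exist: $($Set.Application)"
}
if (-not (Test-Path $Set.AppDirectory -PathType Container)) {
    throw "AppDirectory does not exist: $($Set.AppDirectory)"
}

# 4. Report the account the service runs as. INSTSRV leaves it at LocalSystem;
#    that account must be able to write the log directory (an EFS-encrypted
#    directory needs an account that holds the keys, as noted in the thread).
$Account = (Get-ItemProperty -Path $SvcKey).ObjectName
"Service '$SvcName' is configured to run as $Account"
```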





