[Snort-users] Snort 1.8.7 as a Win2K Service (bump)

Salman Siddiqui lists at ...6696...
Fri Dec 13 10:25:06 EST 2002

Did you setup a user account for the service and give it appropriate
permissions to the SNORT binary and logging folder?

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of L.
Christopher Luther
Sent: Thursday, December 12, 2002 2:59 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort 1.8.7 as a Win2K Service (bump)
Sensitivity: Confidential

Using the Snort 1.8.7 binary from Silicon Defense, I've attempted to 
install Snort as a Win2K service.  I've used this same Snort binary 
on the same machine via a console shell, and everything worked 
perfectly (e.g., alerts to an ASCII file, logging to a remote MySQL 

When I install Snort as a service, the following output is generated: 

C:\BIN\Snort>snort.exe /SERVICE /INSTALL -c "C:\BIN\Snort\snort.conf" 
-l "C:\BIN\Snort\log" -h -i 1 -y 

 [SNORT_SERVICE] Attempting to install the Snort service. 

 [SNORT_SERVICE] The full path to the Snort binary appears to be: 
    C:\BIN\Snort\snort.exe /SERVICE 

 [SNORT_SERVICE] Successfully added registry keys to: 

 [SNORT_SERVICE] Successfully added the Snort service to the Services 

And when I "show" the service parameters, they appear as:  

C:\BIN\Snort>snort.exe /SERVICE /SHOW 

Snort is currently configured to run as a Windows service using the 
following command-line parameters: 

     -c C:\BIN\Snort\snort.conf -l C:\BIN\Snort\log -h -i 1

So far, everything is normal.  BTW, this is the exact command line I 
use to launch Snort via a command shell.  

However, when I attempt to start Snort via the Services MMC snap-in 
or a console "net start snort" command, the service appears to start 
correctly, but I end up with an Event Log message that indicates 
something bad happened:    

Event Type:     Error 
Event Source:   Service Control Manager 
Event Category: None 
Event ID:       7031 
Date:           12/10/2002 
Time:           3:25:23 PM 
User:           N/A 
Computer:       DEMOXSI-1 
The Snort service terminated unexpectedly.  It has done this 1 
time(s).  The following corrective action will be taken in 0 
milliseconds: No action. 

That's nothing else.  Does anyone have any clues about this one?  


L. Christopher Luther  
Technical Consultant  
Xybernaut Solutions, Inc.  
(703) 654-3642  
cluther at ...6331...  

My PGP Public Key:  

CONFIDENTIALITY NOTE:  This communication contains 
information that is confidential and/or legally privileged.  
This information is intended only for the use of the individual 
or entity named on this communication. If you are not the 
intended recipient, you are hereby notified that any disclosure, 
copying, distribution, printing or other use of, or any action 
in reliance on, the contents of this communication is strictly 
prohibited.  If you receive this communication in error, please 
immediately notify us by telephone at (703) 631-6925. 

Unsolicited commercial e-mail will automatically be reported 
to the appropriate abuse@ - without exception. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021213/619e6474/attachment.html>

More information about the Snort-users mailing list