Tue Dec 24 10:58:02 EST 2002

Merry Christmas!

I'm stuck here at work, so I thought I'd try to get the latest Win32 build 
of Snort working and ran into a few problems.  Here's what I managed to fix 
and what's still not working.  Anyone got any suggestions?

Snort Build: 2.0.0 Beta (Build 45) 12/23/02
StdDB & Win32 Service Support
Test OS: W2K SP3

Problems Discovered & Resolved:

(1) Incorrect (missing) configuration path in snort.conf.  Change snort.conf 
to something like:

# Path to your rules files (this can be a relative path)
var RULE_PATH ../rules
var CONFIG_PATH ../etc


# Include classification & priority settings

include $CONFIG_PATH/classification.config

# Include reference systems

include $CONFIG_PATH/reference.config

(2) "-E" (Log to Win32 Event Viewer) switch doesn't work properly.  Causes 
snort to think it needs a syslog server.  Didn't have time to look at the 
source, so I just dropped the flag for now.

Still Unresolved:

(1) Can't execute as service.  /SERVICE /INSTALL works fine, but then when I 
try to start the service, I get: "Process terminated unexpectedly".  Running 
on command line seems to work okay.  (I had this same problem with 1.9, 

Gonna try to duck out of the office now!  Back on Thursday... :(



