[Snort-users] Snort 1.9.0 as Service on Win2k
bunger at ...7102...
Tue Oct 8 07:03:02 EDT 2002
This has probably been beaten to death, but I have searched the archives and haven't really found anything relevant. I am actually having 2 problems. But first, here is my config:
- Snort v1.9.0 **see following note
- Windows 2000 Server w/ sp3
- IDSCenter v1.09 Beta 2
**Though I installed the win32 binary build from http://www.snort.org/dl/binaries/1.9.0/Snort-1.9.0-win32.exe
, running snort -V from the command line shows:
-*> Snort! <*-
Version 1.8.7beta5-ODBC-MySQL-WIN32 (Build 128)
By Martin Roesch (roesch at ...1935..., www.snort.org)
1.7-WIN32 Port By Michael Davis (mike at ...92..., www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid at ...3029...)
1.8-WIN32 Compiled by Michael Steele (michaels at ...155..., www.siliconde
(based on code from 1.7 port)
I can start snort fine from the IDSCenter, but I would like to run it as a service. To do so, I grab the startup parameters from the IDSCenter and run the following at the command prompt, which installs fine:
snort.exe /SERVICE /INSTALL -c "C:\Snort\snort.conf" -l "C:\Snort\log" -h xx.yy.zz.ww/32 -i 2 -a -C -d -e -X -I -zall
[SNORT_SERVICE] Attempting to install the Snort service.
[SNORT_SERVICE] The full path to the Snort binary appears to be:
[SNORT_SERVICE] Successfully added registry keys to:
[SNORT_SERVICE] Successfully added the Snort service to the Services database.
Then when I attempt to start the snort service, I get an error.
Here is what the command line start error looks like:
C:\Snort>net start snortsvc
The Snort service is starting.
The Snort service could not be started.
A system error has occurred.
System error 1067 has occurred.
The process terminated unexpectedly.
And here is what the Event log looks like:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Time: 10:01:07 AM
The Snort service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: No action.
Any ideas or suggestions would be very much appreciated!
More information about the Snort-users