[Snort-users] Snort 1.9.0 as Service on Win2k

bunger bunger at ...7102...
Tue Oct 8 07:03:02 EDT 2002

This has probably been beaten to death, but I have searched the archives and haven't really found anything relevant.  I am actually having 2 problems.  But first, here is my config:

- Snort v1.9.0 **see following note
- Windows 2000 Server w/ sp3
- IDSCenter v1.09 Beta 2

**Though I installed the win32 binary build from http://www.snort.org/dl/binaries/1.9.0/Snort-1.9.0-win32.exe
, running snort -V from the command line shows:

C:\Snort>snort -V

-*> Snort! <*-
Version 1.8.7beta5-ODBC-MySQL-WIN32 (Build 128)
By Martin Roesch (roesch at ...1935..., www.snort.org)
1.7-WIN32 Port By Michael Davis (mike at ...92..., www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid at ...3029...)
1.8-WIN32 Compiled by Michael Steele (michaels at ...155..., www.siliconde
          (based on code from 1.7 port)

I can start snort fine from the IDSCenter, but I would like to run it as a service.  To do so, I grab the startup parameters from the IDSCenter and run the following at the command prompt, which installs fine:

snort.exe /SERVICE /INSTALL -c "C:\Snort\snort.conf" -l "C:\Snort\log" -h xx.yy.zz.ww/32 -i 2 -a -C -d -e -X -I -zall

 [SNORT_SERVICE] Attempting to install the Snort service.

 [SNORT_SERVICE] The full path to the Snort binary appears to be:
    C:\Snort\snort.exe /SERVICE

 [SNORT_SERVICE] Successfully added registry keys to:

 [SNORT_SERVICE] Successfully added the Snort service to the Services database.

Then when I attempt to start the snort service, I get an error.

Here is what the command line start error looks like:

C:\Snort>net start snortsvc
The Snort service is starting.
The Snort service could not be started.

A system error has occurred.

System error 1067 has occurred.

The process terminated unexpectedly.

And here is what the Event log looks like:
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7031
Date:		10/8/2002
Time:		10:01:07 AM
User:		N/A
Computer:	ourComputer
The Snort service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: No action. 

Any ideas or suggestions would be very much appreciated!

More information about the Snort-users mailing list