[Snort-users] snort as a service on Windows 2000

August.K.Kunnecke at ...8695... August.K.Kunnecke at ...8695...
Thu Apr 3 13:26:15 EST 2003


I am trying to use Snort on a Windows 2000 server. 

Snort works when I type snort -v -ix. I am having problems getting it to run
as a service. It installs fine. When I try to start it, I get different
errors. I have finally decided to stop and see if I can get some help. This
time I am getting the following message in my event viewer:

------------------------------------------------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date:		4/3/2003
Time:		1:59:36 PM
User:		N/A
Computer:	XXXXXX
Description:
The Snort service failed to start due to the following error: 
The system cannot find the file specified
---------------------------------------------------------------------

It usually tells me that it cannot find the snort.conf file in the
application log, but I am not getting any messages in that section. 

When I run snort at a DOS prompt to try to see what file it is missing, I
get the following:

---------------------------------
WARNING: unknown output plugin: 'alert_syslog'
WARNING: unknown output plugin: 'database'
WARNING: unknown output plugin: 'database'
1310 Snort rules read...
1310 Option Chains linked into 148 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initializing Snort ==--
Initializing Output Plugins!

[!] ERROR: Can not get write access to logging directory "log".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

Fatal Error, Quitting..
-------------------------------------------------

I followed the instructions from the snort.org web site. I tried moving the
snort.exe to the snort directory. I also tried to move (and copy) the
snort.conf file, but I still get the same error.


I also have some questions about the config files: 

One document I read had the path names to the files listed with the "/"
character. Another set of instructions said to use the standard "\"
backslash character.  Which is the correct convention to use?


Thanks in advance for any help.





