[Snort-users] snort as a service on Windows 2000

Michael Steele michaels at ...155...
Sat Apr 5 11:21:02 EST 2003


August,

Do a:

Snort /SERVICE /SHOW

Send the output to me along with your snort.conf.

Try running:

Snort -c d:\applications\snort\etc\snort.conf -l d:\applications\snort\log -ix -T

Make SURE to replace the proper paths and make SURE that the '-ix' has the
proper interface in place of the 'x'. Send me that output.

 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
August.K.Kunnecke at ...8695...
Sent: Thursday, April 03, 2003 11:18 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snort as a service on Windows 2000

I am trying to use Snort on a Windows 2000 server. 

Snort works when I type snort -v -ix. I am having problems getting it to run
as a service. It installs fine. When I try to start it, I get different
errors. I have finally decided to stop and see if I can get some help. This
time I am getting the following message in my event viewer:

------------------------------------------------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date:		4/3/2003
Time:		1:59:36 PM
User:		N/A
Computer:	XXXXXX
Description:
The Snort service failed to start due to the following error: 
The system cannot find the file specified
---------------------------------------------------------------------

It usually tells me that it cannot find the snort.conf file in the
application log, but I am not getting any messages in that section. 

When I run snort at a DOS prompt to try to see what file it is missing, I
get the following:

---------------------------------
WARNING: unknown output plugin: 'alert_syslog'
WARNING: unknown output plugin: 'database'
WARNING: unknown output plugin: 'database'
1310 Snort rules read...
1310 Option Chains linked into 148 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initializing Snort ==--
Initializing Output Plugins!

[!] ERROR: Can not get write access to logging directory "log".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

Fatal Error, Quitting..
-------------------------------------------------

I followed the instructions from the snort.org web site. I tried moving the
snort.exe to the snort directory. I also tried to move (and copy) the
snort.conf file, but I still get the same error.


I also have some questions about the config files: 

One document I read had the path names to the files listed with the "/"
character. Another set of instructions said to use the standard "\"
backslash character.  Which is the correct convention to use?


Thanks in advance for any help.




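Added example, not part of the original messages or of Snort: a small Python helper (the name `triage` is hypothetical) that summarises the start-up output quoted in the thread. The sample keeps the raw 80-column console wrap and the warnings run together without newlines, and the helper reports whether the logging directory Snort rejected is an absolute Windows path, as the `-l` argument in the reply is.

```python
import ntpath
import re
from collections import Counter

# Excerpt of the output quoted in the thread, in raw wrapped console form.
SAMPLE = """WARNING: unknown output plugin: 'alert_syslog'WARNING: unknown output
plugin: 'd
atabase'WARNING: unknown output plugin: 'database'1310 Snort rules read...
1310 Option Chains linked into 148 Chain Headers
Initializing Output Plugins!

[!] ERROR: Can not get write access to logging directory "log".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

Fatal Error, Quitting..
"""

# \s+ between words and [^']* inside the quotes tolerate the hard wraps.
PLUGIN_RE = re.compile(r"unknown\s+output\s+plugin:\s*'([^']*)'")
LOGDIR_RE = re.compile(r'write\s+access\s+to\s+logging\s+directory\s+"([^"]*)"')
RULES_RE = re.compile(r"(\d+)\s+Snort\s+rules\s+read")


def triage(text):
    """Summarise a Snort start-up transcript (hypothetical helper)."""
    plugins = Counter(re.sub(r"\s+", "", m.group(1))
                      for m in PLUGIN_RE.finditer(text))
    rules = RULES_RE.search(text)
    logdir = LOGDIR_RE.search(text)
    report = {
        "unknown_output_plugins": dict(plugins),
        "rules_read": int(rules.group(1)) if rules else None,
        "fatal": "Fatal Error" in text,
        "log_dir": None,
        "log_dir_is_absolute": None,
    }
    if logdir:
        path = logdir.group(1).strip()
        report["log_dir"] = path
        # Relative paths resolve against the process's current directory.
        report["log_dir_is_absolute"] = ntpath.isabs(path)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```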