[Snort-users] snort as a service on Windows 2000

Michael Steele michaels at ...155...
Sat Apr 5 11:21:02 EST 2003


Do a:


Send the output to me along with your snort.conf.

Try running:

Snort -c d:\applications\swnort\etc\snort.conf -l d:\applications\snort\log
-ix -T

Make SURE to replace the proper paths and make SURE that the '-ix' has the
proper interface in place of the 'x'. Send me that output.


 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
August.K.Kunnecke at ...8695...
Sent: Thursday, April 03, 2003 11:18 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snort as a service on Windows 2000

I am trying to use Snort on a Windows 2000 server. 

Snort works when I type snort -v -ix. I am having problems getting it to run
as a service. It install fine. When I try to start it, I get different
errors. I have finally decided to stop and see if I can get some help. This
time I am getting the following message in my event viewer:

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date:		4/3/2003
Time:		1:59:36 PM
User:		N/A
Computer:	XXXXXX
The Snort service failed to start due to the following error: 
The system cannot find the file specified

It usually tells me that is cannot find the snort.conf file in the
application log, but I am not getting any messages in that section. 

When I run snort at a DOS prompt to try to see what file it is missing, I
get the following:

WARNING: unknown output plugin: 'alert_syslog'WARNING: unknown output
plugin: 'd
atabase'WARNING: unknown output plugin: 'database'1310 Snort rules read...
1310 Option Chains linked into 148 Chain Headers
0 Dynamic rules

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initializing Snort ==--
Initializing Output Plugins!

[!] ERROR: Can not get write access to logging directory "log".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

Fatal Error, Quitting..

I followed the instructions from the snort.org web site. I tried moving the
snort.exe to the snort directory. I also tried to move (and copy) the
snort.conf file, but I still get the same error.

I also have some questions about the config files: 

One document I read had the path names to the files listed with the "/"
character  Another set of instructions said to use the standard "\"
backslash character.  Which is the correct convention to use?

Thanks in advance for any help.

This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list