[Snort-users] Win32 Misconfiguration

Julian Brown jbrown at ...8965...
Thu Apr 24 12:42:23 EDT 2003

Latest Snort on Win32 as a service.  Logging to the NTEventLogger.

snort /SERVICE /INSTALL -de -E -l C:\Snort\log -h -c 

I have a whole bunch of messages of the following type in the EventViewer:

The description for Event ID ( 1 ) in Source ( snort ) cannot be found. The 
local computer may not have the necessary registry information or message 
DLL files to display messages from a remote computer. The following 
information is part of the event: [1:2101:1] NETBIOS SMB 
SMB_COM_TRANSACTION Max Parameter of 0 DOS Attempt [Classification: 
Detection of a Denial of Service Attack] [Priority: 2]: {TCP} ->

I do not believe I have it set to output to alert_smb; I definitely do not 
want alert_smb.

With the exception of these lines

# Include classification & priority settings

include c:\snort\etc\classification.config

# Include reference systems

include c:\snort\etc\reference.config

All of the output options are commented out in snort.conf

These files are all in their original state and have not been modified.

What have I done wrong to get the above messages?


Julian Brown
jbrown at ...9006...
