[Snort-users] Corrupt Snort Logging - Win32 Terminal Server 2000

John Tapparo jttdi at ...131...
Thu Dec 4 06:26:04 EST 2003


It really looks like you have multiple invocations of
snort running to the same log file (intermingled log
entries, unable to delete the exec).  It looks like
you have checked this.  One other thing to check is,
is the Snort install shared out and running on another
machine?  With your daytime problem, did something get
into someone's startup group?  Or is terminal services
starting it for each user that logs in for some reason
(it's flagged as some sort of login service rather
than system service?) (I don't know much about
terminal services or Snort on Win32).

--- Jim Robinson <jim at ...10685...> wrote:
> Michael,
> 
> Try this for strange.  I tried stopping snort,
> uninstalling it and it
> failed to delete the executable.  I manually tried
> to delete it and it
> said that it was in use.  I checked this and no
> process seemed to have a
> lock on on it - I even used Active Ports to see if
> anything had failed
> and was still using it via a socket and nothing.  I
> could rename it
> though.....?  Anyway, I reinstalled it and it
> complained about Winpcap
> so I uninstalled everything and then reinstalled
> everything and still no
> joy.  Finally I reinstalled Winpcap one more time
> over the top and snort
> decided to start again - with the same logging
> errors!
> 
> The server is less than a year old and has more than
> 512mb of RAM I am
> sure (not my server).  I have not tried changing any
> components yet and
> it logs to a test file only.  Pretty simple install
> really.  Just a note
> it will run just fine during the night time it's
> during the day that it
> seems to go crazy.  I'm still lost on this one!
> 
> :)
> 
> Jim



__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/




More information about the Snort-users mailing list