[Snort-users] Corrupt Snort Logging - Win32 Terminal Server2000

Michael Steele michaels at ...9077...
Thu Dec 4 08:50:05 EST 2003

For some reason Server locks Snort.exe from deletion. After uninstall you
will need to reboot to get windows to unlock the file and then you can
delete. To get around rebooting, just rename the Snort folder and let the
new installation create a new one. Move whatever files you need into the
newly created Snort folder from the old snort folder.

You really don't need uninstall, just stop snort, rename the folder to
something else then install the new version of snort. This way you won't
have to recreate the service. Just move your old snort.conf and whatever
else from the old installation to the new snort install and restart Snort.

Make SURE that you remove WinPcap completely before installing a new

Note: If you are running Terminal Services under Windows 2000 Server or
Advanced Server, you MUST install MySQL from the Add/Remove panel. You can
also type from a command window "change user /install" and after you install
MySQL type from a command window "change user /execute". You should do this
with every install that has an installer.


-The WINSNORT.com Management Team
 Pick up your FREE Windows or UNIX Snort installation guides       
 mailto:support at ...9077...
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

> -----Original Message-----
> From: Jim Robinson [mailto:jim at ...10685...]
> Sent: Thursday, December 04, 2003 5:28 AM
> To: Michael Steele
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Corrupt Snort Logging - Win32 Terminal
> Server2000
> Michael,
> Try this for strange.  I tried stopping snort, uninstalling it and it
> failed to delete the executable.  I manually tried to delete it and it
> said that it was in use.  I checked this and no process seemed to have a
> lock on on it - I even used Active Ports to see if anything had failed
> and was still using it via a socket and nothing.  I could rename it
> though.....?  Anyway, I reinstalled it and it complained about Winpcap
> so I uninstalled everything and then reinstalled everything and still no
> joy.  Finally I reinstalled Winpcap one more time over the top and snort
> decided to start again - with the same logging errors!
> The server is less than a year old and has more than 512mb of RAM I am
> sure (not my server).  I have not tried changing any components yet and
> it logs to a test file only.  Pretty simple install really.  Just a note
> it will run just fine during the night time it's during the day that it
> seems to go crazy.  I'm still lost on this one!
> :)
> Jim
> On Thu, 2003-12-04 at 00:03, Michael Steele wrote:
> > That's bazaar... Have you tried rebooting? I know you hate too, It's
> been
> > 214 days without a reboot on mine, not a record yet but getting there.
> How
> > much memory do you have? When did this start to happen? Was any changes
> made
> > just before it started to do this? Have you restarted the database? Have
> you
> > tried to start the log over? Have you updated your NIC drivers? Have you
> > tried to switch out your memory modules? Have you tried to switch out
> your
> > NIC? Have you..... :)
> >
> > Cheers...
> >
> > -The WINSNORT.com Management Team

More information about the Snort-users mailing list