[Snort-users] Snort Win32 Process Stalling

Michael Steele michaels at ...155...
Wed Jan 22 21:04:02 EST 2003


Why are you using Firedeamon, or the Srvany services? Short has them built
in in 1.9.x. Remove all the Srvany services, and you actually have a remove
option I think 'Srvany remove' or something like that.

Well, if you want to start over, then use my latest documentation, well
worth the time.


 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steven
Sent: Wednesday, January 22, 2003 8:11 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Snort Win32 Process Stalling

I've been running Snort on W2K for over 12 months now following the
excellent doco Michael Steele provides via www.silicondefense.com

However, since I upgraded to Version 1.9.0beta6-ODBC-MySQL-WIN32 (Build 209)
I have had nothing but problems.

The problem I am experiencing is that the snort process hangs, so CPU time
increments and I don't get any packets forwarded to my MySQL / ACID server.
The only way to stop this is to stop the snort service and start it again.
This may last an hour or so before it stalls.

Actions taken so far include;

* Using both Srvany and FireDaemon to run snort as a service
* Removing WinPCap ensuring old versions have necessary files and .dlls
removed, as per instructions on the WinPCap web site.
* Installing various versions of WinPCap

Does anyone have any tips? My next step is to trash everything including the
OS and start again following Michaels guide word for word.

Thanks in advance


This email and any files transmitted with it are solely intended for the use
of the
addressee(s) and may contain information that is confidential and
privileged.  If you
receive this email in error, please advise us by return email immediately.
Please also
disregard the contents of the email, delete it and destroy any copies
Computershare Limited and its subsidiaries do not accept liability for the
expressed in the email or for the consequences of any computer viruses that
may be
transmitted with this email

This email is also subject to copyright.  No part of it should be
reproduced, adapted or 
transmitted without the written consent of the copyright owner.

This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list