[Snort-users] Snort Event Ids on win2000

Joe Kinsella jkinsella at ...9312...
Wed May 28 06:12:22 EDT 2003

If you use the -E parameter, Snort logs to the Application event log under a
source called SnortService.  However, I still am unclear how this is
supposed to work since it does not appear as though the Snort install on
Windows registers a message resource DLL.  So even when I log to the event
log, I get the following (note that the Event Viewer cannot properly format
the message since it cannot locate a valid resource DLL):

Event Type:	Error
Event Source:	SnortService
Event Category:	None
Event ID:	1
Date:		5/27/2003
Time:		5:55:21 PM
User:		N/A
The description for Event ID ( 1 ) in Source ( SnortService ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. The following
information is part of the event:  [SNORT_SERVICE] Error while adding the
Snort service to the Services database. Unrecognized error (1072). The
specified service has been marked for deletion.

Have you had any better luck?

-----Original Message-----
From: C Wells [mailto:s2audi at ...131...]
Sent: Tuesday, May 27, 2003 8:10 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Snort Event Ids on win2000

Is there documentation of the Snort Event Ids that one
could find in the Application Event Log of Windows
2000 ? If Snort doesn't write to the Event log on
win2000 where might I find 'log' type information ? 


Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.

This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list