[Snort-users] Snort Event Ids on win2000

Michael A. Davis mike at ...92...
Wed May 28 11:51:07 EDT 2003


You don't actually need a separate message DLL. You can just include the .mc
file into the exe itself and point the Registry key to the EXE.

My original 1.7 port of snort that contained service code did this.

Michael Davis
Chief Technical Officer
DataNerds
http://www.datanerds.com
----- Original Message ----- 
From: "Chris Reid" <Chris.Reid at ...2817...>
To: "Michael Steele" <michaels at ...9077...>; "'Joe Kinsella'"
<jkinsella at ...9312...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Wednesday, May 28, 2003 11:26 AM
Subject: Re: [Snort-users] Snort Event Ids on win2000


> As others have correctly stated, the cause of this warning is because no
> message DLL is associated/registered with the event source.  Yes, I was
> aware of this behaviour.  I just haven't yet had an opportunity to build
the
> DLL and incorporate it into the existing snort source code.  There seem to
> be enough comments about this behaviour that I'll make this task a higher
> priority.
>
> Chris Reid
>
> ----- Original Message ----- 
> From: "Michael Steele"
> To: "'Joe Kinsella'"
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Wednesday, May 28, 2003 10:03 AM
> Subject: RE: [Snort-users] Snort Event Ids on win2000
>
>
> Joe,
>
> I'm not sure if it's a bug, but it's pretty minor if it is. How about it
> Chris, can this be fixed. I know I have seen several messages in regards
to
> this particular logging quirk.
>
> Cheers...
>
> -Michael Steele
> -- 
>  System Engineer / Security Support Technician
>  mailto:michaels at ...9077...
>  Website: http://www.winsnort.com
>  Snort: Open Source Network IDS - http://www.snort.org
>
>
> -----Original Message-----
> From: Joe Kinsella [mailto:jkinsella at ...9312...]
> Sent: Wednesday, May 28, 2003 8:53 AM
> To: 'Michael Steele'
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Snort Event Ids on win2000
>
> But the reason the event message is not formatted is because there is no
> message resource DLL registered for the SnortService event source.  It
> wouldn't take much to fix this (just use the message compiler & change the
> install to add this to the registry).  Is this not considered a bug?
>
> Joe
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ObjectStore.
> If flattening out C++ or Java code to make your application fit in a
> relational database is painful, don't do it! Check out ObjectStore.
> Now part of Progress Software. http://www.objectstore.net/sourceforge
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>






More information about the Snort-users mailing list