[Snort-users] W2k Startup Error

d_greenjr d_greenjr at ...125...
Thu Sep 11 05:08:56 EDT 2003


Michael, I ran the command and below is the output. It appeared to be successful.
C:\Snort\bin>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1 -T
Running in IDS mode
Log directory = c:\snort\log

Initializing Network Interface \Device\NPF_{B372C2A0-D71E-47F6-9E12-5D4195C8F61A}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{B372C2A0-D71E-47F6-9E12-5D4195C8F61A}
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file c:\snort\etc\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:          port = 3306
database:   sensor name = console
database:     sensor id = 2
database: inconsistent cid information for sid=2
          Recovering by rolling forward the cid=5
database: schema version = 106
database: using the "alert" facility
1331 Snort rules read...
1331 Option Chains linked into 139 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.0-ODBC-MySQL-WIN32 (Build 72)
By Martin Roesch (roesch at ...1935..., www.snort.org)
1.7-WIN32 Port By Michael Davis (mike at ...92..., www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid (chris.reid at ...3029...)

Snort sucessfully loaded all rules and checked all rule chains!
database: Closing connection to database "snort"
Snort exiting

  ----- Original Message ----- 
  From: Michael Steele 
  To: snort-users at lists.sourceforge.net 
  Sent: Tuesday, September 09, 2003 2:41 PM
  Subject: RE: [Snort-users] W2k Startup Error


  Make SURE you have the paths configured properly. Also make SURE MySQL is running and accepting the connection. Try running this from the snort/bin folder:

  snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1 -T

  This will run a diagnosis on your install.

  -Michael Steele
  --
   System Engineer / Security Support Technician    
   mailto:michaels at ...9077...   
   Website: http://www.winsnort.com
   Snort: Open Source Network IDS - http://www.snort.org
    


------------------------------------------------------------------------------

  From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...2902...ists.sourceforge.net] On Behalf Of d_greenjr
  Sent: Monday, September 08, 2003 3:59 PM
  To: snort-users at lists.sourceforge.net
  Subject: [Snort-users] W2k Startup Error

   

  This may not be the forum to ask this question, but I installed snort on Windows 2000 with no problem.  I then followed the winsnort directions (http://www.winsnort.com/Winsnort/guides/WinSnortApache.pdf) on installing snort as a service and received the error "Could not start the Snort service on Local Computer.  Error 1067: The process terminated unexpectedly."  And it did not start.  The command I used to install the service was as follows (from the snort/bin directory): 

          snort /SERVICE /INSTALL -de -c c:\snort\etc\snort.conf -l c:\snort\log -i1

   

  I also set the service to automatically start. Following is what the snort service properties path reads "C:\Snort\bin\SNORT /SERVICE"

   

  Any suggestions??
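
An added example, not part of the original thread and not Snort's own code: a small Python parser that turns the `-T` self-test output quoted at the top of this message into a pass/fail summary with the database settings and any warnings, so the check can be scripted before the service is installed. The names `SAMPLE` and `summarize_selftest` are chosen here; the sample is an abridged copy of the output above.

```python
import re

# Abridged copy of the self-test output quoted in this message.
SAMPLE = r"""Initializing Network Interface \Device\NPF_{B372C2A0-D71E-47F6-9E12-5D4195C8F61A}
Parsing Rules file c:\snort\etc\snort.conf
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:          port = 3306
database:   sensor name = console
database:     sensor id = 2
database: inconsistent cid information for sid=2
          Recovering by rolling forward the cid=5
database: schema version = 106
1331 Snort rules read...
Snort sucessfully loaded all rules and checked all rule chains!
database: Closing connection to database "snort"
Snort exiting
"""

def summarize_selftest(text):
    """Summarize `snort -T` output: result, rule count, DB settings, warnings."""
    summary = {"passed": False, "rules_read": None, "interface": None,
               "database": {}, "warnings": []}
    for raw in text.splitlines():
        line = raw.strip()
        if "inconsistent" in line:
            # Checked first: this line also contains "=" (sid=2).
            summary["warnings"].append(line)
        elif m := re.match(r"Initializing Network Interface (\S+)", line):
            summary["interface"] = m.group(1)
        elif m := re.match(r"database:\s*(.+?)\s*=\s*(.+)$", line):
            summary["database"][m.group(1)] = m.group(2)
        elif m := re.match(r"(\d+) Snort rules read", line):
            summary["rules_read"] = int(m.group(1))
        elif "loaded all rules and checked all rule chains" in line:
            # Matched loosely: this build prints "sucessfully".
            summary["passed"] = True
    return summary

if __name__ == "__main__":
    for key, value in summarize_selftest(SAMPLE).items():
        print(f"{key}: {value}")
```
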