[Snort-users] ghosting a snort server???

Jordan, Jason A Jason.Jordan at ...10803...
Sat Apr 3 08:42:03 EST 2004

Disclaimer: I am making a presumption that this is snort on Windows not Linux.


Did you check the account name that the service is running under?  Prior to imaging the original system, did you run the
prep routines on the system (I believe its sysprep).  If it's a Windows 2000/XP/2003 type of system the service accounts
and system account information can get mangled during ghosting (i.e. some type of SID conflict).  I'd recommend going
into the Services applet, go into the Snort properties, and verify the credentials it runs under.  Even better, manually
re-select the account (local/domain) and password which Snort will use as its running context.


You should be able to run snort from the command line and the help files describe the switches.  


Let me know if any of that helps.


Jason Jordan




From: Pat Delaney [mailto:Pat.Delaney at ...11558...] 
Sent: Saturday, April 03, 2004 10:26 AM
To: snort-users at ...314...
Subject: [Snort-users] ghosting a snort server???


Rather that reinstall SNORT on another PC from scratch, I cloned the disk, and restored the image to another PC. The
snort service seems to keep failing to start.


My question is:

 Is there something keyed in the database to the original host name of the orginal server?


How can I start the snort service up in a debugging mode to see why it never starts and stays running?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040403/4954415b/attachment.html>

More information about the Snort-users mailing list