[Snort-users] Problem: Win32 v2.4.3 does not start as a Service

Michael Steele michaels at ...9077...
Tue Dec 27 17:06:01 EST 2005


The -i switch is what's killing the Snort service. I'm guessing the reason
why it's happening to some and not others is that some are specifying the -i
switch and others are not.

I know in most cases (especially home and small business users) that the -i
can be omitted, but this usually means Snort will automatically use the
first interface in line, and I believe that is where the problem occurs.

If you are running snort as a service, logging to a database and WinPcap 3.1
uses the first interface in line, then WinPcap 3.1 may work, but I don't
think so. We are past that point to check it out on our clean install.

Tomorrow we will do another clean install and verify if it works, or someone
else could check.

I'm sure there is a hack to the registry that can be done to fix the
problem, but its windows :)

I guess they need to figure out if it's a Snort problem or a WinPcap problem
and fix it. I'm fairly sure it's WinPcap.

Kindest regards,

WINSNORT.com Management Team Member
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Lee Clemens
Sent: Tuesday, December 27, 2005 2:54 PM
To: 'Rich Adamson'; 'Michael Steele'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Problem: Win32 v2.4.3 does not start as a Service

I've been using 3.1 for some time now with no issues. However, I do not
specify -I #, but use the config file to specifiy an interface to listen on.
Perhaps you could try doing that if you'd like to keep (or go back to) 3.1.

More information about the Snort-users mailing list