[Snort-users] Need a bit of help about Snort and PCAP 3

Stephan Lantos stephan at ...13078...
Wed Feb 23 18:06:35 EST 2005


Thanks Michael,

I did as you said; no Windows Command window opened up, but the service could
not start and the application Event log shows the following:

Event ID = 1

"OpenPcap() FSM compilation failed:
            parse error
PCAP command: =1"

Running snort manually - command prompt to snortpath\bin and then issuing
"snort -v -i1" command works fine.

So, I am not sure if the issue is with WinPCAP or snort as a service, but it
won't start as a service; it just shuts itself down immediately.


Stephan Lantos
IT Manager
NA World Services
stephan at ...13078...
818.773.9999 x181



 

  _____  

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Michael Steele
Sent: Wednesday, February 23, 2005 5:24 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Need a bit of help about Snort and PCAP 3

 

What error does it create in the application log?

Try making the service interactive with windows and run it that way to test
your service install:

1) Go to services
2) Scroll down to the 'snort' service
3) Right-click on the 'snort' service and select 'Properties'
4) Left-click the 'Log on' tab
5) Tick the 'Allow the service to interact with desktop' radio button
6) Left-click 'Apply'
7) Left-click 'OK'
8) Right-click the 'snort' service
9) Left-click 'Stop'
10) Right-click the 'snort' service
11) Left-click 'Start'

This will cause a command window to open on the desktop when the service is
started in item 11. You should get more information on what the problem is.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides      
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

________________________________________
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Stephan Lantos
Sent: Wednesday, February 23, 2005 10:08 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Need a bit of help about Snort and PCAP 3

Hello all,

I just installed Snort 2.3.0RC2 with WinPCAP 3.0, as well as PHP, Acid,
etc.  The configuration was relatively easy, I got ACID working (which may
be a miracle), but whenever SNORT tries to run as a service I get the
following error:
"OpenPcap() FSM compilation failed:
            parse error
PCAP command: =1"

Now, I know snort is working because from the command line, I can do snort
-v or snort -v i1 and in each case it does fine.

I only have one Ethernet card installed, so I know that 1 is the setting
for it.  What am I doing wrong?  Any ideas?

Thanks in advance,

Stephan Lantos
IT Manager
NA World Services
stephan at ...13078...
818.773.9999 x181



This email was sent on 2/23/05 at 10:07 AM.







