[Snort-users] snort as windows as service and logging to the windows event log

snort snort at ...16112...
Wed Feb 27 05:57:20 EST 2013


Hi

I have a question regarding running snort as a Windows service and logging to the Windows event log.

I used the -E argument and logging is sort of working, but all the logs appear as follows:

“The description for Event ID 1 from source snort cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

[0:0:0:0] POLICY Outbound Teredo traffic detected [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 0.0.0.0:62762 -> 0.0.0.0:3544

The specified image file did not contain a resource section”

I have confirmed that the snort entry *appears* correct in the registry as a valid event log source.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\snort]
"EventMessageFile"="d:\snort\bin\snort.exe"


Thanks
GarethE