No subject


Thu Nov 23 16:36:19 EST 2017


 

snort /SERVICE /SHOW

 

Make sure the parameters are correct and you can cut and paste to this next
test.

 

Run snort from a shell and use the FULL command line and tag a -T on the
end.

 

Example: snort -c <full path>\snort.conf -l <full path>\log -i1 -T

 

You should see the error. Also check the Event Log under Application for any
errors Snort may have generated.

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician    
 mailto:michaels at ...9077...   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

  _____  

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Sean Lazar
Sent: Saturday, August 23, 2003 7:27 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] RE: Win32 Snort as a service: Error 1067

 

I modified the install to my specs. I followed the guide
http://www.silicondefense.com/support/windows/winsnortdocs/winsnarfiis.php
but I changed the service install command. I only have one partition (no D
drive) and didn't want to run IIS.

 

I wanted to share my experiences with how I got the error 1067, and what I
did to change it.

 

The command:

snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1

will give an error 1067 when you try to start the service.

 

The command:

snort /service /install -l C:\snort\log

works better and does not give the error. I think that the -c paramater is
the culprit.

 

 

It looks like the snort found on your website
http://www.silicondefense.com/support/windows/files/snort200/Snort_201_Build
88_Installer.exe and the one found on the snort page
http://www.snort.org/dl/binaries/win32/snort-2_0_1.exe are probably the same
because they have the same file size.

 

Hope that clarifies things.

 

Sean

----- Original Message ----- 

From: Michael <mailto:michaels at ...9077...>  Steele 

To: snort-users at lists.sourceforge.net 

Sent: Saturday, August 23, 2003 3:35 PM

Subject: RE: [Snort-users] RE: Win32 Snort as a service: Error 1067

 

Sean,

 

This is confusing.

 

Did you follow the guide exactly as it instructed, or did you modify the
install to your specs?

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician    
 mailto:michaels at ...9077...   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


  _____  


From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Sean Lazar
Sent: Saturday, August 23, 2003 2:10 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] RE: Win32 Snort as a service: Error 1067

 

Hi I wanted to share my experiences with Snort on Windows, and the error
1067 when I used it as a service. I have a windows xp machine and have
installed the 2.0.1 win32 binary off the snort.org website. Winpcap 3.0.0
installed. Easy install and I just went for it and I got it to run as a
service with the commands:

 

C:\>cd C:\snort\bin

C:\>snort /service /install -l C:\snort\log

 

no problems there. The service starts and stops beautifully. But then I
tried following Silicon Defense's guide and that's when I got the 1026
error:

http://www.silicondefense.com/support/windows/winsnortdocs/winsnarfiis.php

 

Michael uses the command: snort /SERVICE /INSTALL -c
d:\applications\snort\etc\snort.conf -l c:\Inetpub\wwwroot\log -ix

 

I modified that (only one partition and no iis).

 

snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1

 

At that point when you try to start the service it stops and gives you an
error 1067.

 

Hope that helps confused people. Note I didn't download snort off of
www.silicondefense.com. Perhaps it is a slightly different build w/ fixes.

 

Sean


------=_NextPart_000_0017_01C369CE.7D8B5A90
Content-Type: text/html; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered)">
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:blue;
	text-decoration:underline;}
p
	{margin-right:0in;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman";}
span.emailstyle17
	{font-family:Arial;
	color:navy;}
span.EmailStyle19
	{font-family:Arial;
	color:navy;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dblue>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Ok, so you didn’t want to install
IIS so did you follow the guide for Apache?</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>This problem is only specific to your
install and is something that is not a general problem.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>You MUST specify a snort.conf file usi=
ng
the -c switch, and all the necessary paths MUST be specified in that file. =
Go
back and check this out.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Look in your event viewer under
application for any errors that Snort may have generated.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>To start over:</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Remove the service: snort /SERVICE /UN=
INSTALL</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Note: You may need a reboot</span></fo=
nt></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Make SURE you have properly edited your
snort.conf</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Now CD to the snort\bin folder and ins=
tall
the service: snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort=
\log
-i1 </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Try running Snort using the service ag=
ain
and see if it is operating properly.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>To do this, go into services and go do=
wn
the list to the ‘snort’ entry, right click on the snort entry a=
nd select
start.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>If Snort still failed then:</span></fo=
nt></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>From the shell CD to your snort\bin fo=
lder
and type:</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>snort /SERVICE /SHOW</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Make sure the parameters are correct a=
nd
you can cut and paste to this next test.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Run snort from a shell and use the FULL
command line and tag a -T on the end.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Example: snort -c <full path>\sn=
ort.conf
-l <full path>\log -i1 -T</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>You should see the error. Also check t=
he
Event Log under Application for any errors Snort may have generated.</span>=
</font></p>

<div>

<p style=3D'margin-bottom:12.0pt'><font size=3D2 color=3Dnavy face=3D"Times=
 New Roman"><span
style=3D'font-size:10.0pt;color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
 System Engineer / Security Support Technician    =
<br>
 <a href=3D"mailto:michaels at ...9077...">mailto:michaels at ...9077...</a>=
   <br>
 Website: <a href=3D"http://www.winsnort.com">http://www.winsnort.com<=
/a><br>
 Snort: Open Source Network IDS - <a href=3D"http://www.snort.org">htt=
p://www.snort.org</a></span></font></p>

</div>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font siz=
e=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span style=3D'font-si=
ze:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'>
snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] <b><span style=3D'font-wei=
ght:
bold'>On Behalf Of </span></b>Sean Lazar<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Saturday, August 23, 2=
003
7:27 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
snort-users at lists.sourceforge.net<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Re: [Snort-users] R=
E:
Win32 Snort as a service: Error 1067</span></font></p>

</div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>I modified the install to my specs. I followed the guide=
 <a
href=3D"http://www.silicondefense.com/support/windows/winsnortdocs/winsnarf=
iis.php">http://www.silicondefense.com/support/windows/winsnortdocs/winsnar=
fiis.php</a> but
I changed the service install command. I only have one partition (no D driv=
e)
and didn't want to run IIS.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>I wanted to share my experiences with how I got the error
1067, and what I did to change it.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>The command:</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l
c:\snort\log -i1</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>will give an error 1067 when you try to start the servic=
e.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>The command:</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>snort /service /install -l C:\snort\log</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>works better and does not give the error. I think that t=
he
-c paramater is the culprit.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>It looks like the snort found on your website <a
href=3D"http://www.silicondefense.com/support/windows/files/snort200/Snort_=
201_Build88_Installer.exe">http://www.silicondefense.com/support/windows/fi=
les/snort200/Snort_201_Build88_Installer.exe</a> and
the one found on the snort page <a
href=3D"http://www.snort.org/dl/binaries/win32/snort-2_0_1.exe">http://www.=
snort.org/dl/binaries/win32/snort-2_0_1.exe</a> are
probably the same because they have the same file size.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>Hope that clarifies things.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>Sean</span></font></p>

</div>

<blockquote style=3D'border:none;border-left:solid black 1.5pt;padding:0in =
0in 0in 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>----- Original Message ----- </span></font></p>

</div>

<div style=3D'font-color:black'>

<p class=3DMsoNormal style=3D'background:#E4E4E4'><b><font size=3D2 face=3D=
Arial><span
style=3D'font-size:10.0pt;font-family:Arial;font-weight:bold'>From:</span><=
/font></b><font
size=3D2 face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'> <a
href=3D"mailto:michaels at ...9077..." title=3D"michaels at ...9077...">Michael
Steele</a> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span style=3D'font-siz=
e:10.0pt;
font-family:Arial;font-weight:bold'>To:</span></font></b><font size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'> <a
href=3D"mailto:snort-users at lists.sourceforge.net"
title=3D"snort-users at lists.sourceforge.net">snort-users at ...973...=
et</a>
</span></font></p>

</div>

<div>

<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span style=3D'font-siz=
e:10.0pt;
font-family:Arial;font-weight:bold'>Sent:</span></font></b><font size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'> Saturday, =
August
23, 2003 3:35 PM</span></font></p>

</div>

<div>

<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span style=3D'font-siz=
e:10.0pt;
font-family:Arial;font-weight:bold'>Subject:</span></font></b><font size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'> RE: [Snort=
-users]
RE: Win32 Snort as a service: Error 1067</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Sean,</span></font></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>This is confusing.</span></font></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Did you follow the guide exactly as it
instructed, or did you modify the install to your specs?</span></font></p>

<div>

<p style=3D'margin-bottom:12.0pt'><font size=3D2 color=3Dnavy face=3D"Times=
 New Roman"><span
style=3D'font-size:10.0pt;color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
 System Engineer / Security Support Technician    =
<br>
 <a href=3D"mailto:michaels at ...9077...">mailto:michaels at ...9077...</a>=
   <br>
 Website: <a href=3D"http://www.winsnort.com">http://www.winsnort.com<=
/a><br>
 Snort: Open Source Network IDS - <a href=3D"http://www.snort.org">htt=
p://www.snort.org</a></span></font></p>

</div>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font siz=
e=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabIndex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span style=3D'font-si=
ze:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> <a
href=3D"mailto:snort-users-admin at lists.sourceforge.net">snort-users-admin at ...2902...=
ists.sourceforge.net</a>
[mailto:snort-users-admin at lists.sourceforge.net] <b><span style=3D'font-wei=
ght:
bold'>On Behalf Of </span></b>Sean Lazar<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Saturday, August 23, 2=
003
2:10 AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
snort-users at lists.sourceforge.net<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> [Snort-users] RE: W=
in32
Snort as a service: Error 1067</span></font></p>

</div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>Hi I wanted to share my experiences with Snort on Window=
s,
and the error 1067 when I used it as a service. I have a windows xp machine=
 and
have installed the 2.0.1 win32 binary off the snort.org website. Winpcap 3.=
0.0
installed. Easy install and I just went for it and I got it to run as a ser=
vice
with the commands:</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>C:\>cd C:\snort\bin</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>C:\>snort /service /install -l C:\snort\log</span></f=
ont></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>no problems there. The service starts and stops beautifu=
lly.
But then I tried following Silicon Defense's guide and that's when I got the
1026 error:</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'><a
href=3D"http://www.silicondefense.com/support/windows/winsnortdocs/winsnarf=
iis.php">http://www.silicondefense.com/support/windows/winsnortdocs/winsnar=
fiis.php</a></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>Michael uses the command: snort /SERVICE /INSTALL -c
d:\applications\snort\etc\snort.conf -l c:\Inetpub\wwwroot\log -ix</span></=
font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>I modified that (only one partition and no iis).</span><=
/font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l
c:\snort\log -i1</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>At that point when you try to start the service it stops=
 and
gives you an error 1067.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>Hope that helps confused people. Note I didn't download
snort off of <a href=3D"http://www.silicondefense.com">www.silicondefense.c=
om</a>.
Perhaps it is a slightly different build w/ fixes.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span style=3D=
'font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size:1=
0.0pt;
font-family:Arial'>Sean</span></font></p>

</div>

</blockquote>

</div>

</body>

</html>

------=_NextPart_000_0017_01C369CE.7D8B5A90--






More information about the Snort-users mailing list