Snort mailing list archives
RE: Snort as a service in W2k
From: "Johnson, David" <DJohnson () IronMountain com>
Date: Mon, 27 Aug 2001 19:42:33 -0400
You might just double (triple) check that you don't have a typo in the registry entry that contains the command line options for Snort. You could also try enabling the "Interact with the desktop" option. This may allow you to see what is going wrong when the service attempts to start.

-----Original Message-----
From: Steve Moran [mailto:steve.moran () csssoftware com]
Sent: Monday, August 27, 2001 4:10 PM
To: Johnson, David; Steve Moran; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort as a service in W2k

It's not that the service isn't starting, which would be the case if I typo'd a path or something along those lines. It's that after it does start, no logging occurs, no alert.ids is created, and snort does not appear in the processes list. However, if I run it via command line, with the same options, alert.ids is created, I get ACID alerts, and snort is in the processes list.

According to the instructions:

    instsrv srvany c:\path\srvany.exe
    instsrv snort c:\path\srvany.exe

then find snort in the registry and add the parameter key, and the two strings, application with the value of the path, and appparameters with the flags.

I've done all that, and what happens is that when I start the service, srvany starts, but not snort. I've checked my other snort boxes and the reg entry looks ok.

-----Original Message-----
From: Johnson, David [mailto:DJohnson () IronMountain com]
Sent: Monday, August 27, 2001 4:56 PM
To: 'Steve Moran'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort as a service in W2k

As an idea, make sure that when you are testing running Snort from the command line that you start in C:\ and run with the same command line options (this will recreate the service's attempt to start). I have had similar experiences setting up the service where the problem was one of a path typo or some other such silly mistake. Good luck.

-----Original Message-----
From: Steve Moran [mailto:steve.moran () csssoftware com]
Sent: Monday, August 27, 2001 3:14 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort as a service in W2k

I have set up snort1.8 to run as a service per Micheal Steele's instructions, and it doesn't run. I have set it up before, and it's always been fine. This time I can't get it to work. It starts, but I don't see snort running under task manager, and no alert.ids file is created. If I run it from the command prompt it runs just fine, i.e. alerts.ids is created and snort is running in task manager. I can't find anything wrong with the way I set up the service.

Steve Moran
Network Security
CSS, Inc.
(303) 526-5515 (work)
(303) 526-3464 x132 (direct)
(720) 244-7038 (cell)
steve.moran () csssoftware com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
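
Added example, not part of the original thread: a PowerShell check of the srvany registry values discussed above (the Parameters key with its Application and AppParameters strings under the snort service). It assumes the service was registered under the name snort and that AppParameters passes paths with Snort's -c (configuration file) and -l (log directory) options; it reports typos and relative paths, which resolve differently at service start than in the directory where the command line was tested.

```powershell
# Added example: sanity-check the srvany registry entries for the "snort" service.
# Assumptions: service name "snort"; AppParameters uses -c <config> and -l <logdir>.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\snort\Parameters'

if (-not (Test-Path $key)) {
    Write-Error "Parameters key not found: $key"
    return
}
$p = Get-ItemProperty -Path $key
$problems = @()

# Application must be an absolute path to an existing executable.
$app = "$($p.Application)".Trim('"')
if (-not $app) {
    $problems += 'Application value is missing or empty'
} elseif (-not [System.IO.Path]::IsPathRooted($app)) {
    $problems += "Application is not an absolute path: $app"
} elseif (-not (Test-Path -LiteralPath $app -PathType Leaf)) {
    $problems += "Application does not exist: $app"
}

# Split AppParameters into tokens, keeping quoted strings together.
$tokens = @([regex]::Matches("$($p.AppParameters)", '"[^"]*"|\S+') |
    ForEach-Object { $_.Value.Trim('"') })
if ($tokens.Count -eq 0) { $problems += 'AppParameters value is missing or empty' }

# Snort options are case-sensitive, so compare with -cin.
for ($i = 0; $i -lt $tokens.Count - 1; $i++) {
    $flag = $tokens[$i]
    $path = $tokens[$i + 1]
    if ($flag -cin '-c', '-l') {
        if (-not [System.IO.Path]::IsPathRooted($path)) {
            # A relative path works from the prompt but not from the service.
            $problems += "$flag uses a relative path: $path"
        } elseif (-not (Test-Path -LiteralPath $path)) {
            $problems += "$flag path does not exist: $path"
        }
    }
}

if ($problems.Count -eq 0) {
    Write-Output 'No problems found in the srvany Parameters key for snort.'
} else {
    $problems | ForEach-Object { Write-Output "PROBLEM: $_" }
}
```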
Current thread:
- Snort as a service in W2k Steve Moran (Aug 27)
- <Possible follow-ups>
- RE: Snort as a service in W2k Johnson, David (Aug 27)
- RE: Snort as a service in W2k Steve Moran (Aug 27)
- RE: Snort as a service in W2k Johnson, David (Aug 27)
- RE: Snort as a service in W2k Steve Moran (Aug 28)