Snort mailing list archives

[no subject]



 

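Ok, so you didn't want to install IIS so did you follow the guide for Apache?

This problem is only specific to your install and is something that is not a
general problem.

You MUST specify a snort.conf file using the -c switch, and all the necessary
paths MUST be specified in that file. Go back and check this out.

Look in your event viewer under application for any errors that Snort may
have generated.

To start over:

Remove the service: snort /SERVICE /UNINSTALL

Note: You may need a reboot

Make SURE you have properly edited your snort.conf

Now CD to the snort\bin folder and install the service:
snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1

Try running Snort using the service again and see if it is operating
properly.

To do this, go into services and go down the list to the 'snort' entry,
right click on the snort entry and select start.

If Snort still failed then:

From the shell CD to your snort\bin folder and type:

snort /SERVICE /SHOW

Make sure the parameters are correct and you can cut and paste to this next
test.

Run snort from a shell and use the FULL command line and tag a -T on the
end.

Example: snort -c <full path>\snort.conf -l <full path>\log -i1 -T

You should see the error. Also check the Event Log under Application for any
errors Snort may have generated.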

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician    
 mailto:michaels () winsnort com   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Sean Lazar
Sent: Saturday, August 23, 2003 7:27 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] RE: Win32 Snort as a service: Error 1067

 

I modified the install to my specs. I followed the guide
http://www.silicondefense.com/support/windows/winsnortdocs/winsnarfiis.php
but I changed the service install command. I only have one partition (no D
drive) and didn't want to run IIS.

I wanted to share my experiences with how I got the error 1067, and what I
did to change it.

The command:

snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1

will give an error 1067 when you try to start the service.

The command:

snort /service /install -l C:\snort\log

works better and does not give the error. I think that the -c parameter is
the culprit.

It looks like the snort found on your website
http://www.silicondefense.com/support/windows/files/snort200/Snort_201_Build88_Installer.exe
and the one found on the snort page
http://www.snort.org/dl/binaries/win32/snort-2_0_1.exe are probably the same
because they have the same file size.

Hope that clarifies things.

 

Sean

----- Original Message -----
From: Michael Steele <mailto:michaels () winsnort com>
To: snort-users () lists sourceforge net
Sent: Saturday, August 23, 2003 3:35 PM
Subject: RE: [Snort-users] RE: Win32 Snort as a service: Error 1067

Sean,

This is confusing.

Did you follow the guide exactly as it instructed, or did you modify the
install to your specs?

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician    
 mailto:michaels () winsnort com   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


  _____  


From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Sean Lazar
Sent: Saturday, August 23, 2003 2:10 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] RE: Win32 Snort as a service: Error 1067

 

Hi, I wanted to share my experiences with Snort on Windows, and the error
1067 when I used it as a service. I have a Windows XP machine and have
installed the 2.0.1 win32 binary off the snort.org website. Winpcap 3.0.0
installed. Easy install and I just went for it and I got it to run as a
service with the commands:

C:\>cd C:\snort\bin

C:\>snort /service /install -l C:\snort\log

No problems there. The service starts and stops beautifully. But then I
tried following Silicon Defense's guide and that's when I got the 1026
error:

http://www.silicondefense.com/support/windows/winsnortdocs/winsnarfiis.php

Michael uses the command:
snort /SERVICE /INSTALL -c d:\applications\snort\etc\snort.conf -l c:\Inetpub\wwwroot\log -ix

I modified that (only one partition and no IIS).

snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1

At that point when you try to start the service it stops and gives you an
error 1067.

Hope that helps confused people. Note I didn't download snort off of
www.silicondefense.com. Perhaps it is a slightly different build w/ fixes.

 

Sean
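
The reply at the top of this thread asks for two checks: that -c is given and every path is spelled out in full, and that the same command line is re-run from a shell with -T on the end. The sketch below automates both; it is an added example, not code from the thread or from Snort, and its function names are hypothetical. It assumes the reason to insist on full paths is that a Windows service does not start in the directory you tested from, and the sample snort.conf lines are constructed.

```python
import re

# Drive-letter (C:\...) or UNC (\\server\share) paths count as full paths.
ABSOLUTE = re.compile(r'^(?:[A-Za-z]:[\\/]|\\\\)')


def is_absolute(path):
    return bool(ABSOLUTE.match(path))


def snort_options(cmdline):
    """Options of a 'snort /SERVICE /INSTALL ...' line, minus the /SERVICE words."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    return [t for t in tokens[1:] if not t.startswith('/')]


def check_options(options):
    """Flag a missing -c and any -c / -l value that is not a full path."""
    problems, values = [], {}
    for flag, value in zip(options, options[1:]):
        if flag in ('-c', '-l'):
            values[flag] = value
    if '-c' not in values:
        problems.append('no -c <snort.conf> given')
    for flag, path in values.items():
        if not is_absolute(path):
            problems.append(f'{flag} is not a full path: {path}')
    return problems


def foreground_test_command(cmdline):
    """The same options, run from a shell with -T tagged on the end."""
    quoted = [f'"{t}"' if ' ' in t else t for t in snort_options(cmdline)]
    return ' '.join(['snort'] + quoted + ['-T'])


def check_conf(text):
    """Return (line_number, message) for snort.conf paths that are not full paths."""
    variables, findings = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()      # drop comments
        words = line.split(None, 2)
        if len(words) == 3 and words[0] == 'var':
            name, value = words[1], words[2]
            variables[name] = value
            if name.endswith('_PATH') and not is_absolute(value):
                findings.append((number, f'{name} is relative: {value}'))
        elif len(words) >= 2 and words[0] == 'include':
            target = line.split(None, 1)[1]
            # Expand $VAR using the var lines seen so far.
            expanded = re.sub(r'\$(\w+)',
                              lambda m: variables.get(m.group(1), m.group(0)),
                              target)
            if not is_absolute(expanded):
                findings.append((number, f'include is relative: {expanded}'))
    return findings


# Constructed sample, not taken from the thread.
SAMPLE_CONF = '\n'.join([
    r'var HOME_NET any',
    r'var RULE_PATH ../rules',
    r'include classification.config',
    r'include $RULE_PATH/local.rules',
    r'include c:\snort\etc\reference.config',
])

if __name__ == '__main__':
    service = r'snort /SERVICE /INSTALL -c c:\snort\etc\snort.conf -l c:\snort\log -i1'
    print(check_options(snort_options(service)))
    print(foreground_test_command(service))
    for number, message in check_conf(SAMPLE_CONF):
        print(f'snort.conf line {number}: {message}')
```

Feed it the line printed by snort /SERVICE /SHOW and the contents of the snort.conf named by -c; a clean result does not replace the -T run, which is what actually surfaces the error.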





