Snort Forums Archive

Snort service startup problem


Posted by bcced on November 16, 2005 11:20:11

Hi everyone,

I'm installing Snort on an XP Pro box logging to SQL2005 Express. I've followed the setup instructions in an installation guide I got from Winsnort.com. I'm having problems getting the Snort service to start. It does not seem to try to start automatically (I'm not getting "service failed to start" messages after booting), and when I attempt to start it via the Services applet, I receive this error:

Could not start the Snort service on Local Computer.
Error 1067: The process terminated unexpectedly.

Checking the Event Logs after this shows two logged errors, the first in the Application log, and the second in the system log:

1. Source: SnortService
If this build of snort was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mssql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mssql' switch.
For non-standard installations of a database, the '--with-mssql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.

2. Source: Service Control Manager
Category: None
Event ID: 7034
The Snort service terminated unexpectedly. It has done this 8 time(s).

I would really appreciate some help figuring out what's going wrong. I am using the Windows binary (obviously), version 2.4.3, logging to a local database, and here is the corresponding excerpt from my Snort.conf file:


output database: log, mssql, user=snort password=PWD_HERE dbname=snort host=127.0.0.1 port=1392 sensor_name=SENSOR_NAME

output database: alert, mssql, user=snort password=PWD_HERE dbname=snort host=127.0.0.1 port=1392 sensor_name=SENSOR_NAME

Thanks in advance.

Posted by JoePope on November 21, 2005 08:53:19

Did you select an interface? Go to a command prompt and cd into the snort\bin directory. Then run "snort -v -i X" where X = the interface you want to use. Run "snort -W" to determine the interface.

I run snort with 3 interfaces on Windows 2003 w/MySQL with no problems. I just did not install the service with "snort /SERVICE /INSTALL"; I used SRVANY from the Win 2000 resource kit.

Also, doesn't SQL listen on port 1433 and not 1392?

Posted by puma on July 31, 2006 21:01:30

OK, please change the registry in the snortsvc part, imagepath:
"c:/Snort/bin/snort.exe"/SERVICE
Now try it on your system,
and good luck.