Snort Service FAQ

1) Use must use complete paths for everything. This means EVERYTHING. Command line, configuration files, everything. Examples:
	All include statements must be full paths. I.E. 'include scan-lib' is WRONG. 'include C:\snort\scan-lib' is CORRECT.
	All Command line options must be full paths. I.E. 'snort.exe -l ./log' is WRONG. 'snort.exe -l C:\snort\log' is CORRECT.

2) YOU MUST ALWAYS HAVE A LOGGING DIRECTORY SET VIA THE COMMAND LINE(-l switch). If you do not set a logging directory the service will not start and, on NT/Win2k,  your bootup will hang for about 4 minutes.

3) How to install the snort service.
	Run snort like you would via command line but add a '-I'. I.E. 'snort.exe -c snort-lib -l ./log -h 192.168.1.0/24 -s' turns into 'snort.exe -c C:\snort\snort-lib -l C:\snort\log -h 192.168.1.0/24 -s -I'
	YOU MUST USE COMPLETE PATHS FOR ALL FILES/DIRECTORIES.
	NOTE: You do NOT need to add the -D option to the command line when you install the service. If -D is not there it will automatically be added.
	
4) How to remove the snort service.
	Run 'snort -R'.

5) Does the Service run on 9x/ME.
	Yes. It uses a horrible hack to get it to work. Because of this when you boot up you will see a black command prompt window for about 5 seconds before snort goes to the background. This service mode is considered a horrible hack and probably will not work in every situation.
	
6) What functions are support by the NT service.
	Start and Stop currently. Pause and Resume will be implemented later (Code already exists but not working properly).