10-20-2004
dylan
 
Re: Win32 errors when running snort

I found that if I comment out this line in the snort.conf file, it no
longer generates that error. Do I have the syntax wrong?

output log_tcpdump: C:\Snort\log\tcpdump.log


dylan.roehrig@gmail.com (dylan) wrote in message news:<45dab8d7.0410191225.2d4498e2@posting.google.com>...
> Hi,
> I'm running snort on a Windows 2000 machine and it runs fine as long
> as I don't specify any rules file. This command:
>
> snort -l c:\snort\log -c c:\snort\etc\snort.conf
>
> generates a Dr Watson error saying
> "snort.exe has generated errors and will be closed by Windows. You
> need to restart the program. An error log is being created."
>
> This only seems to happen if I use the -c flag. When I look at the
> drwtsn32.log file, the instruction disassembly portion says:
>
> function: RtlEnterCriticalSection
> 77f82060 648b0d18000000 mov ecx,fs:[00000018]
> fs:00000018=????????
> 77f82067 8b542404 mov edx,[esp+0x4]
> ss:00ba74eb=????????
> FAULT ->77f8206b 837a1400 cmp dword ptr [edx+0x14],0x0
> ds:00a79f06=????????
> 77f8206f 0f859c7b0100 jne NtSetTimerResolution+0x227d
> (77f99c11)
> 77f82075 90 nop
> 77f82076 ff4204 inc dword ptr [edx+0x4]
> ds:00a79f06=????????
> 77f82079 0f852e080000 jne ZwQueryInformationThread+0xe
> (77f828ad)
> 77f8207f 8b4124 mov eax,[ecx+0x24]
> ds:80a57ee6=????????
> 77f82082 89420c mov [edx+0xc],eax
> ds:00a79f06=????????
> 77f82085 c7420801000000 mov dword ptr [edx+0x8],0x1
> ds:00a79f06=????????
> 77f8208c 33c0 xor eax,eax
> 77f8208e c20400 ret 0x4
>
> (sorry for the formatting)
>
> I tried both reinstalling and going to an older version of snort both
> with the same result - none.
>
> Any help would be greatly appreciated.
