Snort mailing list archives
Re: Snort Restarter and Crash Logger (was Re: Re: Log file problem)
From: Dragos Ruiu <dr () kyx net>
Date: Tue, 7 Aug 2001 20:43:51 -0700
Way good suggestion. The path looks multiplatform to me. Once you hit Solaris, (Open, Free...)BSD, Linux you're pretty universal... I'm not logged into a HPUX or AIX box to check now but this is a groovy mod.

thanks,
--dr

--kyx--
#!/bin/sh
#snorthup: Snort Restarter and Crash Logger
#(dr () kyx net with help from kmaxwell () superpages com)

# Snort configuration file passed to every restarted instance
conf="snort.conf"

# Check each sniffing interface in turn
for IFACE in fxp0 fxp1
do
  if [ -f /var/run/snort_$IFACE.pid ]; then
    # Pidfile exists: is the process it names still alive?
    if ! ps -p `cat /var/run/snort_$IFACE.pid` > /dev/null ; then
      /usr/bin/logger -p user.notice snorthup: removing bogus pidfile
      /usr/bin/logger -p user.notice snorthup: restarting absentee snort on $IFACE with conf file $conf
      rm -f /var/run/snort_$IFACE.pid
      /usr/local/bin/snort -D -c $conf -i $IFACE
    fi
  else
    # No pidfile at all: snort is not running on this interface
    /usr/bin/logger -p user.notice snorthup: restarting snort on $IFACE with conf file $conf
    /usr/local/bin/snort -D -c $conf -i $IFACE
  fi
done
--kyx--

On Tue, 07 Aug 2001, Kyle R Maxwell wrote:
Just a suggestion: logger is probably a better way to go than just writing to /var/log/messages, since a lot of folks probably use a syslog server instead. Something like

/usr/bin/logger -p auth.notice "put your message here"

works really well. I think logger is available on all platforms; this is from Solaris (the path could be wrong too, that's off the top of my head).

But that's a really useful script, and a lot more lightweight than daemontools!

On Mon, 6 Aug 2001, Dragos Ruiu wrote:

I too find daemontools a bit of overkill for this problem. Here is a little shell script excerpt that you can run from crontab once a minute or once every couple of minutes to restart dead snorts and it will also log crashes so you know about them:

#!/bin/sh
# Snort configuration file passed to every restarted instance
i="snort.conf"

for IFACE in fxp0 fxp1
do
  if [ -f /var/run/snort_$IFACE.pid ]; then
    # Pidfile exists: is the process it names still alive?
    if ! ps -p `cat /var/run/snort_$IFACE.pid` > /dev/null ; then
      echo `date` snorthup: removing bogus pidfile >>/var/log/messages
      echo `date` snorthup: restarting absentee snort on $IFACE with conf file $i >>/var/log/messages
      rm -f /var/run/snort_$IFACE.pid
      /usr/local/bin/snort -D -c $i -i $IFACE
    fi
  else
    # No pidfile at all: snort is not running on this interface
    echo `date` snorthup: restarting snort on $IFACE with conf file $i >>/var/log/messages
    /usr/local/bin/snort -D -c $i -i $IFACE
  fi
done

--
Kyle Maxwell
kmaxwell () superpages com
SuperPages.com Sys Admin
--
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
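
Added example, not part of the original thread or either author's script: both posted versions only ask whether some process has the PID stored in the pidfile, so a recycled PID or a damaged pidfile can make a dead sensor look alive. This variant classifies the pidfile first and restarts unless a process named snort owns the PID. PIDDIR, the function names and the process name "snort" as reported by ps are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread. Pidfile layout follows the posted script.
# PIDDIR, proc_name, snort_state and check_iface are hypothetical names.
PIDDIR="${PIDDIR:-/var/run}"

# Print the command name of a PID, or nothing if no such process exists.
proc_name() {
    ps -p "$1" -o comm= 2>/dev/null || true
}

# snort_state IFACE: print "running", "stale" or "missing".
snort_state() {
    pidfile="$PIDDIR/snort_$1.pid"
    [ -f "$pidfile" ] || { echo missing; return 0; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) echo stale; return 0 ;;  # empty or not a number
    esac
    case "$(proc_name "$pid")" in
        snort|*/snort) echo running ;;        # assumed process name
        *) echo stale ;;                      # dead, or PID reused by another program
    esac
}

# check_iface IFACE CONF: log through syslog and restart unless snort is running.
check_iface() {
    case "$(snort_state "$1")" in
        running) return 0 ;;
        stale)
            logger -p user.notice "snorthup: removing stale pidfile for $1"
            rm -f "$PIDDIR/snort_$1.pid" ;;
    esac
    logger -p user.notice "snorthup: restarting snort on $1 with conf file $2"
    /usr/local/bin/snort -D -c "$2" -i "$1"
}

# Cron usage (constructed): snorthup.sh snort.conf fxp0 fxp1
if [ "$#" -ge 2 ]; then
    conf=$1; shift
    for iface in "$@"; do check_iface "$iface" "$conf"; done
fi
```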