Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort exit

From: Ed Kasky <ed () esson net>
Date: Sun, 04 Nov 2001 11:07:41 -0800
Tim Hughes gave me this tip and it works for me as well:

"I run snort as an auto started service on RedHat 6.2 and I compile from
source with an /opt/snort prefix to make upgrades and removal much easier.
(I have a habit of doing this for all 3rd party software)  I have attached
the script I use in the cron job (snort-check.sh) and my snort init file
(snort).  You will need to change the path in the crontab line and in the
snort-check.sh file to the appropriate paths for your environment."

The crontab line reads:

*/1 * * * * /sbin/snort-check.sh

-=> snort-check.sh <=-

#!/bin/sh

# Check the status of snort

pid=`/sbin/pidof snort`
#echo "pid $pid"

if [ "$pid" =  "" ]; then
        /etc/rc.d/init.d/snort start
        echo -n "Snort has been restarted"
        exit 0
fi

exit 0

-=> snort init <=-

#!/bin/sh
#
# Startup script for the Snort Intrusion Detection Engine
#
# chkconfig: 345 85 15
# description: Snort is an intrusion detection engine.  It is \
#               used to detect hostile attacks on a network.
# processname: snort
# pidfile: /var/run/snort.pid
# config: /opt/snort/rules/snort.conf


# Source function library.
. /etc/rc.d/init.d/functions

# See how we were called.
case "$1" in
 start)
        echo -n "Starting snort:"
daemon /opt/snort/bin/snort -u snort -g snort -c /opt/snort/rules/snort.conf -d -D -i ppp0 
        echo
        touch /var/lock/subsys/snort
        ;;
 stop)
        echo -n "Shutting down snort:"
        killproc snort
        echo
        rm -f /var/lock/subsys/snort
        rm -f /chroot/httpd/var/run/snort
        ;;
 status)
        status snort
        ;;
 restart)
        $0 stop
        $0 start
        ;;
 *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit 0


At 07:34 PM Sunday, 11/4/2001, mysiar () wp pl wrote -=>

hi
does anybody knows why snort terminates itself?
what's happening and how I can avoid it?

I need to run snort all the time.

maybe somebody already wrote kind of deamon to monitor
snort and start it again when it dies.


Ed Kasky
Los Angeles, CA
. . . . . . . .
Nothing contributes more to peace of soul than having
no opinion at all.
        -George Christopher Lichtenberg


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: