Re: Multiple Snort Instances

["adelein rodriguez" <arodr059 () cs fiu edu>]

the problem is that the snort script uses the function pidof. When it does
a restart it looks for the pidof snort to see if it is already running, if
it is then it kills it and then starts it over again, if it doesnt find it
then it start a new process. Make sure pidof is in a common path, to
simplify the problem, just do a whereis pidof, copy the path and put it in
the snort init file instead of having pidof alone. This way you will know
for sure that it is finding the pid of snort and not starting another new
process. I went through this problem already. This is of course for
linux/unix OS.

--Adelein


> Bob,
>
> I do something similar.  I use `killall snort` though.  It seems to work
> fine.
>
> Matt.
>
> On Thu, 20 Jan 2005 08:05:58 -0800, Bob Konigsberg
> <bobkberg () networkeval com> wrote:
> > Hi all - I've got a bunch of Snort installs where there's a script that
> > runs
> > at midnight to do the following:
> > 1) Rename the alert file to alert.date (whatever it might be)
> > 2) Restart Snort
> >
> > This results in multiple instances of snort running, and I build up
> > another
> > instance per day.
> >
> > When I run the snort restart (or "snort stop" followed by "snort start")
> > manually, I never see this behavior.  It only occurs when the script
> > that
> > does it gets run by crontab.
> >
> > If I manually do an "/etc/init.d/snort stop" both processes are shut
> > down.
> > When followed by "/etc/init.d/snort start" then there is, as should be,
> > only
> > one instance running.
> >
> > Any ideas?
> >
> > Thanks all,
> >
> > Bob Konigsberg
> > Network Evaluation
> > (408) 395-3921 (Office)
> > (408) 839-8464 (Cell)
> > "The only reason anyone has a job is because someone else has a problem.
> > What are YOU doing to solve that problem?"
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users