Re: Snort Restarter and Crash Logger (was Re: Re: Log file problem)

[Kyle R Maxwell <kmaxwell () superpages com>]

Just a suggestion: logger is probably a better way to go than just
writing to /var/log/messages, since a lot of folks probably use a syslog
server instead. Something like 

/usr/bin/logger -p auth.notice "put your message here"

works really well. I think logger is available on all platforms; this is
from Solaris (the path could be wrong too, that's off the top of my
head).

But that's a really useful script, and a lot more lightweight than
daemontools!

On Mon, 6 Aug 2001, Dragos Ruiu wrote:

> I too find daemontools a bit of overkill for this problem.  Here is a little 
> shell script excerpt that you can run from crontab once a minute
> or once every couple of minutes to restart dead snorts and it will 
> also log crashes so you know about them:
>
> #!/bin/sh
> $i = "snort.conf"
> for $IFACE in fxp0 fxp1
> do
>     if [ -f /var/run/snort_$IFACE.pid ]; then
>         if !  ps -p `cat /var/run/snort_$IFACE.pid` > /dev/null ; then
>               echo `date` snorthup: removing bogus pidfile >>/var/log/messages
>               echo `date` snorthup: restarting absentee snort on $IFACE with conf file $i >>/var/log/messages
>
>               rm -f /var/run/snort_$IFACE.pid
>               /usr/local/bin/snort -D -c $i -i $IFACE
>         fi;
>       else
>            echo `date` snorthup: restarting snort on $IFACE with conf file $i >>/var/log/messages
>             /usr/local/bin/snort -D -c $i -i $IFACE
>       fi
> done
>         

-- 
Kyle Maxwell
kmaxwell () superpages com
SuperPages.com Sys Admin


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users