Snort mailing list archives

Re: New feature request

From: Dragos Ruiu <dr () kyx net>
Date: Wed, 15 Aug 2001 21:52:29 -0700

I know it's not the full answer to your request, but this might help
make sure your sensors come back after the db starts if it flakes....

cheers,
--dr

6.20 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: My snort crashes, how do I restart it?

A: Try this shell script or daemontools

#!/bin/sh
#snorthup: Snort Restarter and Crash Logger
#(dr () kyx  net with help from kmaxwell () superpages com)
$conf = "snort.conf"
for $IFACE in fxp0 fxp1
do
    if [ -f /var/run/snort_$IFACE.pid ]; then
        if !  ps -p `cat /var/run/snort_$IFACE.pid` > /dev/null ; then
            /usr/bin/logger -p user.notice snorthup: removing bogus pidfile
            /usr/bin/logger -p user.notice snorthup: restarting absentee snort on $IFACE with conf file $conf
            rm -f /var/run/snort_$IFACE.pid
            /usr/local/bin/snort -D -c $conf -i $IFACE
        fi;
   else
       /usr/bin/logger -p user.notice snorthup: restarting snort on $IFACE with conf file $conf
       /usr/local/bin/snort -D -c $conf -i $IFACE
   fi
done
  

On Wed, 15 Aug 2001, Steve Hutchins wrote:

Any chance of adding a config option to the database 
plugin that tells it not to kill snort
if it can't communicate with the database.

On several occasions, I have lost all sensors
when the main database died.
How about having the d/b plugin just retry connecting
to the d/b periodically and just report via syslog
if it can't connect. This lets snort still collect
data to binary file.

Steve

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

New feature request Steve Hutchins (Aug 15)
- Re: New feature request Dragos Ruiu (Aug 15)
- <Possible follow-ups>
- RE: New feature request Steve Hutchins (Aug 15)
  - RE: New feature request Dragos Ruiu (Aug 15)
- RE: New feature request Burleson, Lee (IA) (Aug 16)
  - RE: New feature request Dragos Ruiu (Aug 16)