Snort mailing list archives
RE: New feature request
From: Steve Hutchins <Steve.Hutchins () optimation co nz>
Date: Thu, 16 Aug 2001 17:18:35 +1200
There lies part of my problem. I have a script running on the sensors that monitors vital processes and restarts snort if it's not running. If the d/b has hung or bombed out, this script will retry every so many minutes and notify me by email that there is a problem. If I can't sort out the d/b problem for some time, none of the sensors are working. I have the same script running on the d/b server, but this only detects if a process is not running and not if the mysql is not responding. I could update it to be more intelligent, but it still means that snort will die which I don't want.

Steve

-----Original Message-----
From: Dragos Ruiu [mailto:dr () kyx net]
Sent: Thursday, 16 August 2001 4:52 p.m.
To: Steve Hutchins; 'snort-users'
Subject: Re: [Snort-users] New feature request

I know it's not the full answer to your request, but this might help make sure your sensors come back after the db starts if it flakes....

cheers,
--dr

6.20 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--

Q: My snort crashes, how do I restart it?
A: Try this shell script or daemontools

    #!/bin/sh
    # snorthup: Snort Restarter and Crash Logger
    # (dr () kyx net with help from kmaxwell () superpages com)
    conf="snort.conf"
    for IFACE in fxp0 fxp1
    do
      if [ -f /var/run/snort_$IFACE.pid ]; then
        # pidfile exists: restart only if the recorded process is gone
        if ! ps -p `cat /var/run/snort_$IFACE.pid` > /dev/null ; then
          /usr/bin/logger -p user.notice snorthup: removing bogus pidfile
          /usr/bin/logger -p user.notice snorthup: restarting absentee snort on $IFACE with conf file $conf
          rm -f /var/run/snort_$IFACE.pid
          /usr/local/bin/snort -D -c $conf -i $IFACE
        fi
      else
        # no pidfile: snort is not running on this interface
        /usr/bin/logger -p user.notice snorthup: restarting snort on $IFACE with conf file $conf
        /usr/local/bin/snort -D -c $conf -i $IFACE
      fi
    done

On Wed, 15 Aug 2001, Steve Hutchins wrote:
Any chance of adding a config option to the database plugin that tells it not to kill snort if it can't communicate with the database. On several occasions, I have lost all sensors when the main database died. How about having the d/b plugin just retry connecting to the d/b periodically and just report via syslog if it can't connect. This lets snort still collect data to binary file.

Steve

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
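The thread describes a watchdog that notices a missing process but not an unresponsive MySQL, so sensors get restarted only to exit again. The sketch below is an added example, not code from the thread or from the Snort project: it probes the database before restarting snort and logs to syslog when the database is down. The database host name, the mysqladmin probe, RUNDIR, CONF and the interface names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. The database host, probe command,
# RUNDIR, CONF and interface names are assumptions for illustration.
DB_PROBE=${DB_PROBE:-"mysqladmin --connect-timeout=5 -h db.example.invalid ping"}
RUNDIR=${RUNDIR:-/var/run}
CONF=${CONF:-snort.conf}

# snort_alive IFACE: succeeds if the pidfile holds the PID of a live process.
# kill -0 only tests existence; it cannot tell a reused PID from snort.
snort_alive() {
    pidfile="$RUNDIR/snort_$1.pid"
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # empty or non-numeric
    kill -0 "$pid" 2>/dev/null
}

# db_responding: succeeds only if the server answers the probe, so a mysqld
# that is in the process list but not answering counts as down.
db_responding() {
    $DB_PROBE >/dev/null 2>&1
}

# decide IFACE: prints ok, restart, or wait-db.
decide() {
    if snort_alive "$1"; then echo ok
    elif db_responding; then echo restart
    else echo wait-db        # restarting now would only make snort exit again
    fi
}

watchdog() {
    for iface in "$@"; do
        case $(decide "$iface") in
        restart)
            logger -p user.notice "snorthup: restarting snort on $iface with conf file $CONF"
            rm -f "$RUNDIR/snort_$iface.pid"
            /usr/local/bin/snort -D -c "$CONF" -i "$iface" ;;
        wait-db)
            logger -p user.warning "snorthup: database not responding, snort on $iface left down" ;;
        esac
    done
}

# Typical cron use: pass the interfaces to watch, e.g. "fxp0 fxp1".
if [ $# -gt 0 ]; then watchdog "$@"; fi
```

Run from cron every few minutes, this brings a sensor back on the first pass after the database answers again.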