Snort mailing list archives

Re: snort not starting from cron


From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 9 Sep 2002 07:46:59 -0700 (PDT)

On Mon, 9 Sep 2002, JB wrote:

I have had some issues with snort before, especially getting a signal 15
after snort would run for exactly one day.  The problem I came up with is
that snort would kill itself when it came near to re-writing log files
after 24 hrs.

I got around this by setting a cron job to kill snort before it normally
died, and then start it a minute later; by doing this I could keep snort
going forever.  Now I cannot start snort from cron.

I use this command to start snort:  snort -A fast -b -c
/etc/snort/snort.conf -i eth1

and I am running snort v. 1.9.0beta4 (Build 195) on Debian GNU/Linux 3.0

The entry in my crontab looks like this:

0 0 * * * nohup /bin/sh snort -A fast -b -c /etc/snort/snort.conf -i eth1

I have also tried appending the command with an &, running it with nohup,
calling it from /bin/sh -c "snort -A fast -b -c /etc/snort/snort.conf -i
eth1", etc.  I have also tried changing the times in my crontab in case
something conditional is happening.  Other entries in my crontab work, so
that is not the problem.  It seems that snort will start to run when it is
called upon by crontab, but dies immediately, as if the parent process is
being killed.

Any help would be greatly appreciated.  I am also open to running snort in
other ways, so it stays running and I get my logs.

Josh,

        First, use the latest version of 1.9.x--Beta6 Build 202.

        Now for the stopping at midnight...  I think it's more to do with your
setup than with Snort.  If it were an issue with Snort, we would have seen
other people with the same issue.  I've been running build 202 for over a week
with no blips.

        Check your cron logs to see if there is a problem.  Have the output
emailed to you and see if there's something odd.  I have had a similar
problem with another application which took me over a month to solve.  Turns
out that there was a library that it couldn't find while running under cron.

        Try running snort under GDB or under something like strace, ktrace, or
truss.  Dump the output to a file and see what it shows as the reason for
dying.  Try building a 'wrapper script' for it.  Make sure it works via the
command line, then try it from cron.

        Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
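
A sketch of the wrapper-script approach suggested in the reply above, as an added example that is not part of the original thread or of Snort itself. The script location, `CRON_PATH`, the log file path, the `--start` argument and the function names `resolve_bin` and `run_logged` are assumptions; the snort options are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: cron wrapper for snort. Values marked "assumed" are not from the thread.
# Assumed crontab entry:  0 0 * * * /usr/local/sbin/snort-cron.sh --start

# cron gives jobs a minimal environment, so the search path is set explicitly here.
CRON_PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"  # assumed
WRAPPER_LOG="/var/log/snort/cron-wrapper.log"                             # assumed

# Print the absolute path of program $1 found in the colon-separated list $2.
# Exits 127 (the shell's "command not found" status) when it is not there.
resolve_bin() (
    IFS=:; set -f
    for dir in $2; do
        [ -n "$dir" ] || continue
        if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"; exit 0
        fi
    done
    exit 127
)

# Run "$2..." with everything but PATH/HOME/SHELL cleared, as cron would, and
# append the command line, its stdout/stderr and its exit status to log file $1.
# Running this from an interactive shell reproduces cron-only failures such as
# a library that is only found through a variable set in the login environment.
run_logged() {
    _log=$1; shift
    printf '=== %s start: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$_log"
    _rc=0
    env -i PATH="$CRON_PATH" HOME="${HOME:-/}" SHELL=/bin/sh "$@" >>"$_log" 2>&1 || _rc=$?
    # 128+N means killed by signal N, e.g. 143 for the signal 15 seen in the thread.
    printf '=== exit status %s\n' "$_rc" >>"$_log"
    return "$_rc"
}

# Only start snort when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--start" ]; then
    snort_bin=$(resolve_bin snort "$CRON_PATH") || {
        echo "snort not found in $CRON_PATH" >&2   # cron mails job output to the owner
        exit 127
    }
    run_logged "$WRAPPER_LOG" "$snort_bin" -A fast -b -c /etc/snort/snort.conf -i eth1
fi
```

Run it once by hand with `--start` before scheduling it; the log then shows whether snort failed to start, exited on its own, or was terminated by a signal.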



