Snort mailing list archives
Re: Re: snort not starting from cron (Marcel)
From: Error79 <Error79 () gmx de>
Date: Tue, 10 Sep 2002 18:53:01 +0200
I have had some issues with snort before, especially getting a signal 15 after snort would run for exactly one day. The problem I came up with is that snort would kill itself when it came near to re-writing log files after 24 hrs. I got around this by setting a cron job to kill snort before it normally died, and then start it a minute later; by doing this I could keep snort goign forever. Now I cannot start snort from cron. I use this command to start snort: snort -A fast -b -c /etc/snort/snort.conf -i eth1 and i am running snort v. 1.9.0beta4 (Build 195) on Debian GNU/Linux 3.0 the entry in my crontab looks like this: 0 0 * * * nohup /bin/sh snort -A fast -b -c /etc/snort/snort.conf -i eth1 i have also tried appending the command with an &, running it with nohup, calling it from /bin/sh -c "snort -A fast -b -c /etc/snort/snort.conf -i eth1", etc. I have also tried chaning the times in my crontab in case something conditional is happening. Other entries in my crotab work, so that is not the problem. It seems that snort will start to run when it is called upon by crontab, but dies immediately, as if the parent process is being killed. any help would be greatly appreciated. I am also open to running snort in other ways, so it stays running and I get my logs. Josh, First, use the latest version of 1.9.x--Beta6 Build 202. Now for the stopping at midnight... I think it's more to do with your setup than with Snort. If it were an issue with Snort, we would have seen other people with the same issue. I've been running build 202 for over a week with no blips. Check your cron logs to see if there is a problem. Have the output emailed to you and see if there's something odd. I have had a similar problem with another application which took me over a month to solve. Turns out that there was a library that it couldn't find while running under cron. Try running snort under GDB or under something like strace, ktrace, or truss. Dump the output to a file and see what it shows as the reason for dying. Try building a 'wrapper script' for it. Make sure it works via the command line, then try it from cron. Hope that helps! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net
If you are using crontab try to use "nice" The command line would then look something like this #!/bin/sh 0 0 * * * nice -10 /what_ever_your_programpath_is/snort -A fast -b -c /etc/snort/snort.conf -i eth1 Marcel ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Re: snort not starting from cron (Marcel) Error79 (Sep 10)