Snort mailing list archives
Oracle Snort Shell Scripting Reloaded...
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Fri, 17 Dec 2004 16:01:32 -0500
I use Stunnel to connect my remote snort machines to my local snort database. Well, every once in a while the connection to Oracle won't work. MySQL works because I am using barnyard, but since (yet again my complaint) barnyard doesn't have an Oracle output module (yes, I did start working on one, but stopped), I'm trying to write a script to check to make sure Snort is up and reading the Oracle database, and if the error is logged in /var/log/messages, then restart Snort.

Will this work?

    #!/bin/sh
    date=$(date '+%m%d%y.%H%M')
    PROC=`ps aux | grep "/usr/local/bin/snort -c" | grep -v grep`
    CHECK=`tail /var/log/messages | grep "ORA-03114"`
    if [ -z ${PROC} ]; then
        START_CMD='/snort/startup.sh'
        for i in 1 2 3 4 5 6 7 8 9 10; do
            ${START_CMD} && exit
            sleep 5
        done
        echo "Snort is down at $date" >> /tmp/snortdown.log
    fi
    if [ ${CHECK} = `ORA-03114` ]; then
        CHECK_CMD='/snort/startup.sh'
        for i in 1 2 3 4 5 6 7 8 9 10; do
            ${CHECK_CMD} && exit
            sleep 5
        done
        echo "Snort is down at $date" >> /tmp/snortdown.log
    fi

Or perhaps change it to

    if [ -n ${CHECK} ]; then

??
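One way to write the check asked about above, as an added example that is not part of the original post. It restarts only when the newest ORA-03114 line differs from the one seen on the previous run, because a test on `tail` output keeps matching a stale error; the function names, the state-file path and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example. Function names, STATE and the --run switch are assumptions;
# the Snort path, startup script, log file and ORA-03114 come from the post.
SNORT_PATTERN=${SNORT_PATTERN:-/usr/local/bin/snort -c}
START_CMD=${START_CMD:-/snort/startup.sh}
LOG=${LOG:-/var/log/messages}
STATE=${STATE:-/var/run/snortwatch.last}      # assumed root-only location
DOWN_LOG=${DOWN_LOG:-/tmp/snortdown.log}      # path used in the post

# Succeeds if a process whose command line matches the pattern exists.
snort_running() {
    pgrep -f -- "$SNORT_PATTERN" >/dev/null 2>&1
}

# Succeeds only when the newest ORA-03114 line in $1 differs from the one
# remembered in $2, so a stale error still in the log cannot trigger a
# restart on every run. The remembered line is updated on each call.
new_oracle_error() {
    log=$1; state=$2
    last=$(grep "ORA-03114" "$log" 2>/dev/null | tail -n 1)
    prev=$(cat "$state" 2>/dev/null || true)
    printf '%s\n' "$last" > "$state"
    [ -n "$last" ] && [ "$last" != "$prev" ]
}

# Runs command $1 up to $2 times, $3 seconds apart; logs if all attempts fail.
restart_snort() {
    cmd=$1; tries=${2:-10}; delay=${3:-5}
    i=0
    while [ "$i" -lt "$tries" ]; do
        "$cmd" && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    echo "Snort is down at $(date '+%m%d%y.%H%M')" >> "$DOWN_LOG"
    return 1
}

# One watchdog pass: restart when Snort is gone or a new Oracle error appeared.
watchdog() {
    need=0
    new_oracle_error "$LOG" "$STATE" && need=1
    snort_running || need=1
    [ "$need" -eq 0 ] || restart_snort "$START_CMD"
}

if [ "${1:-}" = "--run" ]; then watchdog; fi
```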