Snort mailing list archives

RE: Snort Startup Script


From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 19 Apr 2005 11:41:57 -0500

--On Tuesday, April 19, 2005 11:11:27 AM -0400 "Briggs, Bruce" <Bruce.Briggs () suny edu> wrote:

Actually, the ability to start/run multiple instances of Snort can be
helpful.

For example, instance 1 can be your standard Snort with all of the
default rules etc. logging to your standard log database.
But instance 2 can be a specially crafted instance of Snort, using a
different snort.conf looking for a special packet type and perhaps
logging in a different way.

And of course, for those of us with multiple NICs on our Snort server,
running multiple instances of Snort, 1 for each NIC, is a requirement.

And if that is what you want to do, don't use my example to find the process, because it will find *all* of them. I'm not sure what will happen then. I surmise that it will simply take the last PID it finds, but I haven't tested that.

In a case like that, you would want to grep for something unique to that process. E.g.

PID=`ps auxw | grep snort1 | grep -v grep | awk '{print $2}'`

or

PID=`ps auxw | grep snort | grep -v grep | grep snort1.conf | awk '{print $2}'`

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
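
Added example, not part of the original message or of any Snort startup script: one way a startup script could select a single instance by the exact config file on its command line, and refuse to pick a PID when more than one process matches. The function name `instance_pid`, the sample `ps` output and the config paths are constructed for illustration; it assumes the `ps auxw` column layout (command in field 11) and instances started with `-c <conf>`.

```shell
#!/bin/sh
# Constructed sample of `ps auxw` output (not taken from a real host).
SAMPLE_PS='USER  PID %CPU %MEM   VSZ  RSS TT STAT STARTED    TIME COMMAND
root  412  0.0  1.2 30000 9000 ?? Ss   9:00AM  0:01.00 /usr/local/bin/snort -D -i em0 -c /etc/snort/snort1.conf
root  431  0.0  1.2 30000 9000 ?? Ss   9:00AM  0:01.00 /usr/local/bin/snort -D -i em1 -c /etc/snort/snort2.conf
root  977  0.0  0.1  1000  500 p0 S+   9:05AM  0:00.00 vi /etc/snort/snort1.conf'

# instance_pid CONF
# Reads ps-style lines on stdin and prints the PID of the one snort process
# that was started with "-c CONF".
# Returns 1 if no instance matches, 2 if more than one does.
instance_pid() {
    conf=$1
    pids=$(awk -v conf="$conf" '
        NR > 1 {
            # Assumption: field 11 is the command; it must be a snort binary,
            # so an editor or pager with the config file open is ignored.
            if ($11 !~ /(^|\/)snort$/) next
            # Match the argument that follows -c exactly, not as a substring.
            for (i = 12; i < NF; i++)
                if ($i == "-c" && $(i + 1) == conf) { print $2; next }
        }')

    # Word-split the PID list into this function's positional parameters.
    set -- $pids
    case $# in
        0) echo "no snort instance uses $conf" >&2; return 1 ;;
        1) echo "$1" ;;
        *) echo "ambiguous: $# snort instances use $conf ($*)" >&2; return 2 ;;
    esac
}

# Run against the constructed sample; on a live host, pipe `ps auxw` in instead.
printf '%s\n' "$SAMPLE_PS" | instance_pid /etc/snort/snort1.conf   # prints 412
```

A stop or restart action can then act on the printed PID only when the return status is 0.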

