Re: process check

[Paul Schmehl <pauls () utdallas edu>]

--On Friday, October 14, 2005 10:00:45 -0400 Joel Esler 
<joel.esler () sourcefire com> wrote:

> See if this works for ya...
>
> Of course you'll have to change the START_CMD line to read however  you
> have your command line options..
>
>
> <---start--->
> # !/bin/sh
>
> START_CMD='/usr/local/bin/snort -c /snort/snort-2.4.2/rules/ snort.conf
> -D'
>
> PROC=`ps aux | grep "snort -c" | grep -v grep`
>          if [ -z "${PROC}" ]; then
>                  for i in 1; do
>                          ${START_CMD} && exit
>                  done
>          fi
> <----end--->
>
> There are probably better ways to do this, but it's first thing in  the
> morning over here (PST)
There's probably a million variations on that, but Joel's will work fine. 
If you're on FreeBSD, just change the START_CMD to 
/usr/local/etc/rc.d/snort.sh start.

Also, if you're on FreeBSD (and I'm sure it's avaliable for other platforms 
because it's open source), there's a program in ports (/usr/ports/sysutils) 
called monitord that will do this for any app.  Just put them in the conf 
file and monitord will restart the app if it's not running.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users