Snort mailing list archives
Re: process check
From: Rod G <postfixuser () gmail com>
Date: Fri, 14 Oct 2005 11:28:29 -0400
Thanks everyone. Thanks Joel. I'm using your script. It works great. I set it up to run every two minutes. I killed snort to see if it was working and it started it just fine. Thanks! Rod On 10/14/05, Paul Schmehl <pauls () utdallas edu> wrote:
--On Friday, October 14, 2005 10:00:45 -0400 Joel Esler <joel.esler () sourcefire com> wrote:See if this works for ya... Of course you'll have to change the START_CMD line to read however you have your command line options.. <---start---> # !/bin/sh START_CMD='/usr/local/bin/snort -c /snort/snort-2.4.2/rules/ snort.conf -D' PROC=`ps aux | grep "snort -c" | grep -v grep` if [ -z "${PROC}" ]; then for i in 1; do ${START_CMD} && exit done fi <----end---> There are probably better ways to do this, but it's first thing in the morning over here (PST)There's probably a million variations on that, but Joel's will work fine. If you're on FreeBSD, just change the START_CMD to /usr/local/etc/rc.d/snort.sh start. Also, if you're on FreeBSD (and I'm sure it's avaliable for other platforms because it's open source), there's a program in ports (/usr/ports/sysutils) called monitord that will do this for any app. Just put them in the conf file and monitord will restart the app if it's not running. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- process check Rod G (Oct 14)
- Re: process check Joel Esler (Oct 14)
- Re: process check Paul Schmehl (Oct 14)
- Re: process check Rod G (Oct 14)
- Re: process check Paul Schmehl (Oct 14)
- Re: process check Michael Boman (Oct 14)
- Re: process check Joel Esler (Oct 14)