Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Check if snort is running

    IDS/IPS
    1
    1
    980
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      battles last edited by

      I have found that snort wasn't running on several occasion, seemingly because of some kind of rules download error.  The last time was in this message:
      https://forum.pfsense.org/index.php?topic=117233.0

      It was rather aggravating to always be in the dark as to whether snort intrusion protection was running.  I have written a quick bash script that checks every minute to see if snort is running and puts out 6 alternating beeps on my controller when snort isn't found in a top list.  Cron has to be installed.

      #!/usr/local/bin/bash

      snortwarn.sh

      cron line: */1 * * * * /usr/local/bin/snortwarn.sh

      export PATH=$PATH:/usr/local/bin

      top -n 1000 > /etc/dummy.txt

      if [[ $(grep -cw "snort" /etc/dummy.txt) -eq 0 ]]; then
        beep -p 2600 50
        beep -p 2800 50
        beep -p 2600 50
        beep -p 2800 50
        beep -p 2600 50
        beep -p 2800 50
      fi

      rm /etc/dummy.txt

      exit 0

      pfSense 2.3.4-RELEASE-p1 (i386)
      FreeBSD 10.3-RELEASE-p19
      pfBlockerNG 2.1.2_1
      Snort Security 3.2.9.5_3
      Intel(R) Atom(TM) CPU N270 @ 1.60GHz

      1 Reply Last reply Reply Quote 0
      • First post
        Last post