Check if snort is running



  • I have found that snort wasn't running on several occasion, seemingly because of some kind of rules download error.  The last time was in this message:
    https://forum.pfsense.org/index.php?topic=117233.0

    It was rather aggravating to always be in the dark as to whether snort intrusion protection was running.  I have written a quick bash script that checks every minute to see if snort is running and puts out 6 alternating beeps on my controller when snort isn't found in a top list.  Cron has to be installed.

    #!/usr/local/bin/bash

    snortwarn.sh

    cron line: */1 * * * * /usr/local/bin/snortwarn.sh

    export PATH=$PATH:/usr/local/bin

    top -n 1000 > /etc/dummy.txt

    if [[ $(grep -cw "snort" /etc/dummy.txt) -eq 0 ]]; then
      beep -p 2600 50
      beep -p 2800 50
      beep -p 2600 50
      beep -p 2800 50
      beep -p 2600 50
      beep -p 2800 50
    fi

    rm /etc/dummy.txt

    exit 0


Log in to reply