Check if snort is running

IDS/IPS
Log in to reply
  • B

    I have found that snort wasn't running on several occasion, seemingly because of some kind of rules download error.  The last time was in this message:
    https://forum.pfsense.org/index.php?topic=117233.0

    It was rather aggravating to always be in the dark as to whether snort intrusion protection was running.  I have written a quick bash script that checks every minute to see if snort is running and puts out 6 alternating beeps on my controller when snort isn't found in a top list.  Cron has to be installed.

    #!/usr/local/bin/bash

    snortwarn.sh

    cron line: */1 * * * * /usr/local/bin/snortwarn.sh

    export PATH=$PATH:/usr/local/bin

    top -n 1000 > /etc/dummy.txt

    if [[ $(grep -cw "snort" /etc/dummy.txt) -eq 0 ]]; then
      beep -p 2600 50
      beep -p 2800 50
      beep -p 2600 50
      beep -p 2800 50
      beep -p 2600 50
      beep -p 2800 50
    fi

    rm /etc/dummy.txt

    exit 0

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy