SnortBarnyard2 Monitoring script for anyone that wants it



  • I don't know if this has been done by anyone else yet; however, it tends to take less time for me to script a solution than it does to search the forums.

    I created a script that will check if snort and/or barnyard2 is running and bounce the service if it's not.  My service is often mysteriously found to not be running from time to time.

    If you use barnyard2, the script uses an optional MySQL host parameter you would have to provide so it can check if the MySQL host is responding before attempting to restart barnyard2.  It won't bother if the MySQL host is not responding.  The script assumes the standard MySQL port so hopefully yours is not modified.

    The script checks 3 times before bouncing anything in the case of a fluke or a service restart underway already.

    The script is called like this:

    /root/SnortCheck.sh
    or
    /root/SnortCheck.sh 192.168.1.50      (IP/hostname of the MySQL server used by Barnyard2).

    You may upload the script to root's home directory and use the WebGUI to set up a cron schedule as you see fit.

    To check the activity of the script, view the log file at /tmp/SnortCheckLog.  The log doesn't clean itself; however, it would take a lot for the log file size to be of any concern.  Otherwise just null the file.

    I am running version 2.3.3-RELEASE-p1 of pfSense and have not tested on anything else.

    I'm a Linux admin; however, I don't have a long history with pfSense. Use at your own risk and test yourself naturally.

    Rename the file extension from .txt to .sh; however, it's not entirely necessary.

    Enjoy.
    SnortCheck.txt
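
The logic described in the post above (confirm the process is down three times, and skip the barnyard2 restart when the MySQL host does not answer), as an added sketch that is not the poster's attached SnortCheck.txt. The function names, the `TRIES`/`DELAY` variables and the restart command passed in by the caller are assumptions; only the log path and the standard MySQL port come from the post.

```sh
#!/bin/sh
# Added example, not the attached script. Restart commands are supplied by the
# caller because the post does not show how the services are bounced.
LOG="${LOG:-/tmp/SnortCheckLog}"   # log path named in the post
TRIES="${TRIES:-3}"                # post: checks 3 times before bouncing
DELAY="${DELAY:-5}"                # assumed pause between checks, in seconds

log() { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" >> "$LOG"; }

# True if a process with exactly this name exists.
is_running() { pgrep -x "$1" >/dev/null 2>&1; }

# True if the MySQL host accepts a TCP connection on the standard port.
db_reachable() { nc -z -w 3 "$1" 3306 >/dev/null 2>&1; }

# confirmed_down CHECK [ARGS...]: succeeds only if CHECK fails TRIES times in
# a row, so a fluke or a restart already underway does not trigger a bounce.
confirmed_down() {
    i=1
    while [ "$i" -le "$TRIES" ]; do
        "$@" && return 1
        if [ "$i" -lt "$TRIES" ]; then sleep "$DELAY"; fi
        i=$((i + 1))
    done
    return 0
}

# watch_service NAME RESTART_CMD [DB_HOST]
# Returns 0 if the service is healthy or was restarted, 2 if the restart was
# skipped because the database host is not responding.
watch_service() {
    name=$1; restart_cmd=$2; db_host=${3:-}
    if ! confirmed_down is_running "$name"; then
        return 0
    fi
    if [ -n "$db_host" ] && ! db_reachable "$db_host"; then
        log "$name down, MySQL host $db_host not responding; restart skipped"
        return 2
    fi
    log "$name down after $TRIES checks; restarting"
    $restart_cmd
}
```

Logging the skipped restart separately keeps a record of how long the sensor's alert output was not being written to the database, which a plain process watchdog does not show.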


  • Banned

    Service Watchdog package.



  • Ahh I see, yeah figured I wouldn't be the first to think of that.  I just installed it.  Suppose the only advantage my script would have might be some additional logging of activity.

