Netgate Discussion Forum

    SnortBarnyard2 Monitoring script for anyone that wants it

    General pfSense Questions
    • Randall526

      I don't know if this has been done by anyone else yet; however, it tends to take less time for me to script a solution than it does to search the forums.

      I created a script that will check if snort and/or barnyard2 is running and bounce the service if it's not.  My service is often mysteriously found to not be running from time to time.

      If you use barnyard2, the script uses an optional MySQL host parameter you would have to provide so it can check if the MySQL host is responding before attempting to restart barnyard2.  It won't bother if the MySQL host is not responding.  The script assumes the standard MySQL port so hopefully yours is not modified.

      The script checks 3 times before bouncing anything in the case of a fluke or a service restart underway already.

      The script is called like this:

      /root/SnortCheck.sh
      or
      /root/SnortCheck.sh 192.168.1.50      (IP/hostname of the MySQL server used by Barnyard2).

      You may upload the script to root's home directory and use the WebGUI to set up a cron schedule as you see fit.

      To check the activity of the script, view the log file at /tmp/SnortCheckLog.  The log doesn't clean itself; however, it would take a lot for the log file size to be of any concern.  Otherwise just null the file.

      I am running version 2.3.3-RELEASE-p1 of pfSense and have not tested on anything else.

      I'm a Linux admin; however, I don't have a long history with pfSense. Use at your own risk and test yourself naturally.

      Rename the file extension from .txt to .sh; however, it's not entirely necessary.

      Enjoy.
      SnortCheck.txt

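The post above describes the script's logic but the script itself is only an attachment. The following is an added example of that logic (three checks before a restart, and no barnyard2 restart while the MySQL host is unreachable); it is not the attached SnortCheck.sh and not pfSense code. The restart command, the pause between checks and the file name `snortcheck-example.sh` are assumptions.

```sh
#!/bin/sh
# Added example, not the attached SnortCheck.sh. Paths and delays are assumptions.
LOG="${LOG:-/tmp/SnortCheckLog}"   # log file named in the post
TRIES="${TRIES:-3}"                # the post checks 3 times before bouncing
WAIT="${WAIT:-10}"                 # assumed pause (seconds) between checks
# Assumed restart command; replace with whatever restarts the service on your box.
RESTART_CMD="${RESTART_CMD:-/usr/local/etc/rc.d/snort.sh restart}"

log() { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" >> "$LOG"; }

# True if a process with exactly this name exists.
is_running() { pgrep -x "$1" >/dev/null 2>&1; }

# True if the host accepts a TCP connection on the standard MySQL port.
mysql_up() { nc -z -w 3 "$1" 3306 >/dev/null 2>&1; }

# seen_running NAME: 0 if NAME appears in any of $TRIES checks, 1 if never.
seen_running() {
    n=1
    while [ "$n" -le "$TRIES" ]; do
        if is_running "$1"; then return 0; fi
        if [ "$n" -lt "$TRIES" ]; then sleep "$WAIT"; fi
        n=$((n + 1))
    done
    return 1
}

# check_service NAME [MYSQL_HOST]: prints ok, skipped, restarted or failed.
check_service() {
    if seen_running "$1"; then
        echo ok; return 0
    fi
    if [ -n "$2" ] && ! mysql_up "$2"; then
        log "$1 down, MySQL host $2 not responding, restart skipped"
        echo skipped; return 0
    fi
    log "$1 down on $TRIES consecutive checks, restarting"
    # RESTART_CMD is unquoted on purpose: it holds a command plus arguments.
    if $RESTART_CMD >> "$LOG" 2>&1; then echo restarted; else echo failed; fi
}

main() {
    check_service snort
    if [ -n "$1" ]; then check_service barnyard2 "$1"; fi
}

# Run only when invoked under this (hypothetical) file name.
case "${0##*/}" in snortcheck-example.sh) main "$@" ;; esac
```

Because a restart is logged only after every check has failed, a service that is mid-restart when cron fires is left alone.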
      • pfBasic

        Service Watchdog package.

        • Randall526

          Ahh I see, yeah, figured I wouldn't be the first to think of that.  I just installed it.  Suppose the only advantage my script would have might be some additional logging of activity.
