3. Snort Active Checker

Snort Active Checker

  • J

    How would someone go about creating  a Snort monitoring script. In a nutshell if snort was to fail for any reason or whatever, create a script that would try to re-enable it keep some sort of log say try 3 times then if it really won't work cancel the operation and stop.

    I just wondered how would someone go about actually creating a script to do this?

    0
  • J
     

    
#!/bin/sh
SERVICE=snort
if P=$(/usr/bin/pgrep $SERVICE)
then
	/bin/echo "$SERVICE is running, PID is $P"
else
	/usr/local/etc/rc.d/snort.sh start
fi

    Run it via cron every minute.

    0
  • E

    Why snort would fail?
    I have plans to use snort -T to test a config before trying to restart snort but still have not gotten to finish that.

    0
  • J

    Snort does not fail any more. I used that script during last weeks test phases where it often crashed.
    Just posted it because j.smith1981 asked.

    0
  • J

    Oh thank you ever so much for that, probably me being lazy as per usual to actually go back in and keep re-enabling it (or usually when I forget to check if its running) ;D

    Thank you ever so much and I will give that a whirl!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy