Snort Active Checker

  • How would someone go about creating a Snort monitoring script? In a nutshell, if Snort was to fail for any reason or whatever, create a script that would try to re-enable it, keep some sort of log, say try 3 times, then if it really won't work cancel the operation and stop.

    I just wondered how would someone go about actually creating a script to do this?

    SERVICE=snort
    if P=$(/usr/bin/pgrep "$SERVICE"); then
    	/bin/echo "$SERVICE is running, PID is $P"
    else
    	/usr/local/etc/rc.d/ start
    fi

    Run it via cron every minute.

  • Why would Snort fail?
    I have plans to use snort -T to test a config before trying to restart snort but still have not gotten to finish that.

  • Snort does not fail any more. I used that script during last week's test phases where it often crashed.
    Just posted it because j.smith1981 asked.

  • Oh thank you ever so much for that, probably me being lazy as per usual to actually go back in and keep re-enabling it (or usually when I forget to check if it's running) ;D

    Thank you ever so much and I will give that a whirl!
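
The behaviour asked for at the top of the thread (log each attempt, stop after 3 tries) combined with the `snort -T` pre-check mentioned above, as an added example that is not any poster's script. The state, log and config paths and the `run` argument are assumptions, and `RC_SCRIPT_NAME` is a placeholder because the rc.d script name is not given in the thread.

```shell
#!/bin/sh
# Added example, not the thread's script. Paths are assumptions; override via environment.
SERVICE=${SERVICE:-snort}
MAX_TRIES=${MAX_TRIES:-3}
STATE=${STATE:-/var/run/snort_watchdog.count}
LOG=${LOG:-/var/log/snort_watchdog.log}
CONF=${CONF:-/usr/local/etc/snort/snort.conf}
# Placeholder: the rc.d script name is not given in the thread.
RCSCRIPT=${RCSCRIPT:-/usr/local/etc/rc.d/RC_SCRIPT_NAME}

log()           { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" >> "$LOG"; }
is_running()    { /usr/bin/pgrep -x "$SERVICE" >/dev/null 2>&1; }
config_ok()     { snort -T -c "$CONF" >/dev/null 2>&1; }
start_service() { "$RCSCRIPT" start >/dev/null 2>&1; }

# Returns 0 if running or a start was issued, 1 if this attempt failed,
# 2 if the retry budget is spent and nothing was done.
watchdog() {
    if is_running; then
        rm -f "$STATE"          # healthy again: reset the failure counter
        return 0
    fi
    tries=$(cat "$STATE" 2>/dev/null || echo 0)
    case $tries in ''|*[!0-9]*) tries=0 ;; esac   # ignore a corrupt counter
    if [ "$tries" -ge "$MAX_TRIES" ]; then
        return 2                # already gave up; stay quiet until STATE is removed
    fi
    tries=$((tries + 1))
    echo "$tries" > "$STATE"
    if ! config_ok; then
        log "$SERVICE down, attempt $tries/$MAX_TRIES: snort -T rejected $CONF, not starting"
    elif start_service; then
        log "$SERVICE down, attempt $tries/$MAX_TRIES: start issued"
        return 0
    else
        log "$SERVICE down, attempt $tries/$MAX_TRIES: start command failed"
    fi
    if [ "$tries" -ge "$MAX_TRIES" ]; then
        log "giving up on $SERVICE after $MAX_TRIES attempts; remove $STATE to re-arm"
    fi
    return 1
}

# Cron entry point: run as "<script> run"; with no argument only the functions are defined.
case "${1:-}" in run) watchdog ;; esac
```

The counter is cleared only when a later run finds the process alive, so a sensor that starts and dies again within the cron interval still uses up its three attempts instead of being restarted forever.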
