Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Active Checker

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      j.smith1981
      last edited by

      How would someone go about creating  a Snort monitoring script. In a nutshell if snort was to fail for any reason or whatever, create a script that would try to re-enable it keep some sort of log say try 3 times then if it really won't work cancel the operation and stop.

      I just wondered how would someone go about actually creating a script to do this?

      1 Reply Last reply Reply Quote 0
      • J
        judex
        last edited by

        
        #!/bin/sh
        SERVICE=snort
        if P=$(/usr/bin/pgrep $SERVICE)
        then
        	/bin/echo "$SERVICE is running, PID is $P"
        else
        	/usr/local/etc/rc.d/snort.sh start
        fi
        
        

        Run it via cron every minute.

        2.1-RELEASE (amd64)
        built on Wed Sep 11 18:17:48 EDT 2013
        FreeBSD 8.3-RELEASE-p11

        1 Reply Last reply Reply Quote 0
        • E
          eri--
          last edited by

          Why snort would fail?
          I have plans to use snort -T to test a config before trying to restart snort but still have not gotten to finish that.

          1 Reply Last reply Reply Quote 0
          • J
            judex
            last edited by

            Snort does not fail any more. I used that script during last weeks test phases where it often crashed.
            Just posted it because j.smith1981 asked.

            2.1-RELEASE (amd64)
            built on Wed Sep 11 18:17:48 EDT 2013
            FreeBSD 8.3-RELEASE-p11

            1 Reply Last reply Reply Quote 0
            • J
              j.smith1981
              last edited by

              Oh thank you ever so much for that, probably me being lazy as per usual to actually go back in and keep re-enabling it (or usually when I forget to check if its running) ;D

              Thank you ever so much and I will give that a whirl!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.