[Snort-devel] Re: Status alert
cmg at ...81...
Tue Feb 24 06:14:01 EST 2004
Martin Olsson <elof at ...969...> writes:
> Not really. In my example you check the entire chain from the sensor to
> the receiving end, not just that the process is running.
One way this has been solved in several scenarios is to emit a custom
ping / udp packet at set intervals so you are testing the sniffing
interface as well with a custom rule so that you are testing the
A good reason to do this is sometimes the promisc flag gets wonky and
you have a snort that's not actually sniffing.
Chris Green <cmg at ...2257...>
A watched process never cores.
More information about the Snort-devel