[Snort-users] snort exit

Ed Kasky ed at ...3483...
Sun Nov 4 11:09:08 EST 2001


Tim Hughes gave me this tip and it works for me as well:

"I run snort as an auto started service on RedHat 6.2 and I compile from
source with an /opt/snort prefix to make upgrades and removal much easier.
(I have a habit of doing this for all 3rd party software)  I have attached
the script I use in the cron job (snort-check.sh) and my snort init file
(snort).  You will need to change the path in the crontab line and in the
snort-check.sh file to the appropriate paths for your environment."

The crontab line reads:

*/1 * * * * /sbin/snort-check.sh

-=> snort-check.sh <=-

#!/bin/sh

# Check the status of snort

pid=`/sbin/pidof snort`
#echo "pid $pid"

if [ "$pid" =  "" ]; then
         /etc/rc.d/init.d/snort start
         echo -n "Snort has been restarted"
         exit 0
fi

exit 0

-=> snort init <=-

#!/bin/sh
#
# Startup script for the Snort Intrusion Detection Engine
#
# chkconfig: 345 85 15
# description: Snort is an intrusion detection engine.  It is \
#               used to detect hostile attacks on a network.
# processname: snort
# pidfile: /var/run/snort.pid
# config: /opt/snort/rules/snort.conf


# Source function library.
. /etc/rc.d/init.d/functions

# See how we were called.
case "$1" in
  start)
         echo -n "Starting snort:"
         daemon /opt/snort/bin/snort -u snort -g snort -c 
/opt/snort/rules/snort.conf -d -D -i ppp0
         echo
         touch /var/lock/subsys/snort
         ;;
  stop)
         echo -n "Shutting down snort:"
         killproc snort
         echo
         rm -f /var/lock/subsys/snort
         rm -f /chroot/httpd/var/run/snort
         ;;
  status)
         status snort
         ;;
  restart)
         $0 stop
         $0 start
         ;;
  *)
         echo "Usage: $0 {start|stop|restart|status}"
         exit 1
esac

exit 0


At 07:34 PM Sunday, 11/4/2001, mysiar at ...3879... wrote -=>
>hi
>does anybody knows why snort terminates itself?
>what's happening and how I can avoid it?
>
>I need to run snort all the time.
>
>maybe somebody already wrote kind of deamon to monitor
>snort and start it again when it dies.

Ed Kasky
Los Angeles, CA
. . . . . . . .
Nothing contributes more to peace of soul than having
no opinion at all.
         -George Christopher Lichtenberg





More information about the Snort-users mailing list