[Snort-users] snort exit

Ed Kasky ed at ...3483...
Sun Nov 4 11:09:08 EST 2001

Tim Hughes gave me this tip and it works for me as well:

"I run snort as an auto started service on RedHat 6.2 and I compile from
source with an /opt/snort prefix to make upgrades and removal much easier.
(I have a habit of doing this for all 3rd party software)  I have attached
the script I use in the cron job (snort-check.sh) and my snort init file
(snort).  You will need to change the path in the crontab line and in the
snort-check.sh file to the appropriate paths for your environment."

The crontab line reads:

*/1 * * * * /sbin/snort-check.sh

-=> snort-check.sh <=-


# Check the status of snort

pid=`/sbin/pidof snort`
#echo "pid $pid"

if [ "$pid" =  "" ]; then
         /etc/rc.d/init.d/snort start
         echo -n "Snort has been restarted"
         exit 0

exit 0

-=> snort init <=-

# Startup script for the Snort Intrusion Detection Engine
# chkconfig: 345 85 15
# description: Snort is an intrusion detection engine.  It is \
#               used to detect hostile attacks on a network.
# processname: snort
# pidfile: /var/run/snort.pid
# config: /opt/snort/rules/snort.conf

# Source function library.
. /etc/rc.d/init.d/functions

# See how we were called.
case "$1" in
         echo -n "Starting snort:"
         daemon /opt/snort/bin/snort -u snort -g snort -c 
/opt/snort/rules/snort.conf -d -D -i ppp0
         touch /var/lock/subsys/snort
         echo -n "Shutting down snort:"
         killproc snort
         rm -f /var/lock/subsys/snort
         rm -f /chroot/httpd/var/run/snort
         status snort
         $0 stop
         $0 start
         echo "Usage: $0 {start|stop|restart|status}"
         exit 1

exit 0

At 07:34 PM Sunday, 11/4/2001, mysiar at ...3879... wrote -=>
>does anybody knows why snort terminates itself?
>what's happening and how I can avoid it?
>I need to run snort all the time.
>maybe somebody already wrote kind of deamon to monitor
>snort and start it again when it dies.

