[Snort-users] Re: How to find Snort pid for log rotate script

Robert Trosper rltr at ...3939...
Mon Oct 29 05:44:01 EST 2001


James, this is what I use:

pid=`ps -ef | grep 'snort -i fxp0' | grep -v grep | awk '{print $2}'`
kill -9 $pid

This is imbedded in a script that cron runs every hour..... I then get my
log files updated on the hour.  I also run multiple copies of snort on this
box, so you can be as specific as you need to be on your "pid=" line above
to only select the copy of snort that you want to kill.

     Hope this helps,
Robert Trosper
Phillips Petroleum Company
eMail: rltr at ...3939...

----- Forwarded by Robert Trosper/Phillips Petroleum/us on 10/29/2001 07:37
AM -----

From: "James" <the_saint_james at ...131...>
To: <snort-users at lists.sourceforge.net>
Date: Sun, 28 Oct 2001 10:47:41 -0700
Subject: [Snort-users] How to find Snort pid for log rotate script

I found a great script to do my log rotation; hacked away at it and it does
everything except stop snort. Here is what the shell script is trying to
do:

# Kill and restart snort now that the log files are moved.
kill `cat /var/run/snort_fxp0.pid`

# Restart snort in the correct way for you

#/usr/local/bin/snort -i fxp0 -d -D -h homeiprange/28 -l /usr/snort/log \
# -c /usr/snort/etc/08292k.rules > /dev/null 2>&1

startsnort

James here.....

Snort starts just fine using my "startsnort" script but cat
/var/run/snort_fxp0.pid does not pull a pid, as snort does not have one in
/var/run .  I've done some reading in man but cannot find an easy way to
get the pid currently used by snort. I'm running RH 7.1.

James
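
The PID lookup discussed in this thread, as an added example that is not part of either message: it matches the process name and the -i argument as whole words, so grep itself and an interface such as fxp01 are not selected, and it sends SIGTERM before falling back to SIGKILL. The process listing is constructed sample data, the function names are hypothetical, and the script is assumed to run as the user that owns the Snort process.

```sh
#!/bin/sh
# Added example (not from the thread): pick one Snort instance by interface
# and stop it with SIGTERM before falling back to SIGKILL.

# Print the PIDs of snort processes started with "-i <iface>".
# stdin: lines in the format of `ps -e -o pid= -o args=`.
snort_pids_for_iface() {
    awk -v ifc="$1" '{
        n = split($2, path, "/")          # $2 is argv[0]
        if (path[n] != "snort") next      # skips grep, editors, wrappers
        for (k = 3; k < NF; k++)          # exact "-i" + exact interface
            if ($k == "-i" && $(k + 1) == ifc) { print $1; next }
    }'
}

# Stop PID $1: SIGTERM, wait up to $2 seconds (default 5), then SIGKILL.
# Returns 0 once the process is gone, 1 if it survived both signals.
stop_pid() {
    pid=$1; tries=${2:-5}
    kill -TERM "$pid" 2>/dev/null || return 0    # already gone
    while [ "$tries" -gt 0 ]; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        tries=$((tries - 1))
    done
    kill -KILL "$pid" 2>/dev/null || return 0    # SIGKILL cannot be caught
    sleep 1
    if kill -0 "$pid" 2>/dev/null; then return 1; fi
    return 0
}

# Constructed process listing for illustration (not captured from a host).
SAMPLE_PS='  812 /usr/local/bin/snort -i fxp0 -d -D -l /usr/snort/log
  977 /usr/local/bin/snort -i fxp1 -d -D -l /usr/snort/log1
 1044 snort -d -D -i fxp01 -l /usr/snort/log2
 2210 grep snort -i fxp0
 2301 vi /root/notes-snort -i fxp0.txt'

# On a live host: ps -e -o pid= -o args= | snort_pids_for_iface fxp0
printf '%s\n' "$SAMPLE_PS" | snort_pids_for_iface fxp0   # prints 812
```

In a rotate script, each PID printed by snort_pids_for_iface would be passed to stop_pid before the restart command runs.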


