[Snort-users] stopping snort
emechler at ...7719...
Fri Dec 13 11:38:03 EST 2002
:: Has anyone found a way to stop snort, automatically, what i want to do is
:: have snort stop, if it gets more than 'x' alerts in a single hour, or some
:: time frame, then of course email me that it has stopped.
Sounds like you can do this with a very small shell script, or perl if you
if [ `kill -0 $SNORT_PID` ]; then
if [ `du -k $LOG_FILE | cut -f1` > $MAX_SIZE ]; then
Suitable for a cron job to run, maybe, once per 1/2 hour or so.
Cheers - Erick
More information about the Snort-users