[Snort-users] Re: Snort-users digest, Vol 1 #2581 - 7 msgs

Robert Young kwailoe at ...634...
Mon Dec 16 09:56:22 EST 2002

You wrote:

Message: 1
From: "Don" <Don at ...5881...>
To: <snort-users at lists.sourceforge.net>
Date: Fri, 13 Dec 2002 10:54:14 -0800
Subject: [Snort-users] stopping snort

Has anyone found a way to stop snort, automatically, what i want to do is
have snort stop, if it gets more than 'x' alerts in a single hour, or some
time frame, then of course email me that it has stopped. i do go to syslog
with alerts. any suggestions. I have a particular sensor that periodically
starts alerting on something, that just causes a round robin effect, and
fills up the logs with the same error over and over and over, it gets really
boring actually. 'if' i can open the log. the logs have became as large as
2gig on occasion.

# Robert Young
# start and stop snort IDS
# chkconfig:  345 85 15
#     Starts and stops snort -swiped from init.d
# processname: snort
# pidfile: /var/run/IDS.pid

# Source function library
 .   /etc/rc.d/init.d/functions

# See how we were called
case "$1" in
    echo -n "Starting IDS: "
/usr/local/snort -A full -D -c /etc/rules/snort.conf
    touch /var/lock/susbsys/IDS
    pidof snort > /var/run/IDS.pid
    echo -n " Shutting down IDS: "
    [ -f /var/run/IDS.pid ]  && {
        kill -9 `cat .var/run/IDS.pid`
        exho -n IDS

    rm -f /var/lock/susbsys/IDS
    rm -f /var/run/IDS.pid
            status IDS
            $0 stop
            $0 start
            echo "Usage: {start | stop | restart | status}"
            exit 1
exit 0

make the script executable and place it in /etc/rc.d/init.d.   You may  be able to write a script that reacts to certain conditions.  for example I have used swatch to monitor my alert logs and page me when it detects hostile traffic exiting my network.  swatch can excute the above script as well.  You  will need to edit the obvious commands to fit
your set up.

This has worked with red hat 7.3

Bob Young

More information about the Snort-users mailing list