[Snort-users] snort not starting from cron

JB baumanj at ...6590...
Mon Sep 9 05:09:06 EDT 2002


Our mailserver had some issues this weekend, so I'm not sure if this got
out the first time I sent it.

Hello,

I have had some issues with snort before, especially getting a signal 15
after snort would run for exactly one day.  The problem I came up with is
that snort would kill itself when it came near to re-writing log files
after 24 hrs.

I got around this by setting a cron job to kill snort before it normally
died, and then start it a minute later; by doing this I could keep snort
goign forever.  Now I cannot start snort from cron.

I use this command to start snort:  snort -A fast -b -c
/etc/snort/snort.conf -i eth1

and i am running snort v. 1.9.0beta4 (Build 195) on Debian GNU/Linux 3.0

the entry in my crontab looks like this:

0 0 * * * nohup /bin/sh snort -A fast -b -c /etc/snort/snort.conf -i eth1

i have also tried appending the command with an &, running it with nohup,
calling it from /bin/sh -c "snort -A fast -b -c /etc/snort/snort.conf -i
eth1", etc.  I have also tried chaning the times in my crontab in case
something conditional is happening.  Other entries in my crotab work, so
that is not the problem.  It seems that snort will start to run when it is
called upon by crontab, but dies immediately, as if the parent process is
being killed.

any help would be greatly appreciated.  I am also open to running snort in
other ways, so it stays running and I get my logs.

thanks,

Josh Bauman


_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
   "if it ain't broke, hit it again"
            Joshua Bauman
baumanj at ...6590...      darwin at ...6591...
	baumanj at ...6857...
            www.darw1n.net







More information about the Snort-users mailing list