[Snort-users] Prevent Snort from starting a new instance if one already there

Edin Dizdarevic edin.dizdarevic at ...5862...
Wed Sep 18 06:16:04 EDT 2002

Yeah, thx, I would have come so far, I guess... ;)

However, I actually want to update my sigs with a cronjob.
A strange problem occured to me: for some reason my startscript
started Snort started twice or more using only one PID file.

Well I guess it was my fault...;)

Anyway, actually I wanted to check if Snort is running several times
on an interface using only one PID file. If you start Snort twice
accidentially - no matter for what reason - you still have only one
PID file.

So what you need to do is something like:

SNORTS=`ps ax |grep snort | wc -l`
SNORTPIDS=`ls /var/run/snort* | wc -l`

And thats just the beginning.

But not really a problem that cannot be solved...


Scott Nursten wrote:
> Snort writes a pid file to /var/run/snort_xxxx.pid where xxxx is the
> interface name, so...
> if [ ! -f "/var/run/snort_${if}.pid" ]; then
>     snort -I ${if} /etc/snort/snort.${if}.conf
> fi
> Kind Regards, 

Edin Dizdarevic

More information about the Snort-users mailing list