[Snort-users] snort -T output

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Mon Oct 25 07:07:06 EDT 2004


--On 25 October 2004 07:25 -0600 hallian hallian <hallian at ...125...> 
wrote:

> When I update my rules I run snort -T to verify all my rules are GOOD.
> But there is no way for me to automate this process so that I can read
> the ERROR message to STDOUT to a file.   If the   snort -T does return
> ERROR then I want to reverse back to old rules.
>
> HOw can I feedin the output from snort -T or snort -c
> /etc/snort/snort.conf -v to STD OUTPUT to a file.

What do you need to do with the output from Snort, that can't be done by 
checking the return code:

snort >snort.out 2>&1 -T -c /etc/snort/snort.conf
if [ $? -eq 0 ]; then
        echo "rules OK"
        ...
else
        echo "rules broken"
        cat <snort.out
        ...
fi

> Any ideas....
> thanks
> hallian

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






More information about the Snort-users mailing list