[Snort-users] process check

Paul Schmehl pauls at ...6838...
Fri Oct 14 07:53:33 EDT 2005

--On Friday, October 14, 2005 10:00:45 -0400 Joel Esler 
<joel.esler at ...1935...> wrote:

> See if this works for ya...
> Of course you'll have to change the START_CMD line to read however  you
> have your command line options..
> <---start--->
># !/bin/sh
> START_CMD='/usr/local/bin/snort -c /snort/snort-2.4.2/rules/ snort.conf
> -D'
> PROC=`ps aux | grep "snort -c" | grep -v grep`
>          if [ -z "${PROC}" ]; then
>                  for i in 1; do
>                          ${START_CMD} && exit
>                  done
>          fi
> <----end--->
> There are probably better ways to do this, but it's first thing in  the
> morning over here (PST)
There's probably a million variations on that, but Joel's will work fine. 
If you're on FreeBSD, just change the START_CMD to 
/usr/local/etc/rc.d/snort.sh start.

Also, if you're on FreeBSD (and I'm sure it's avaliable for other platforms 
because it's open source), there's a program in ports (/usr/ports/sysutils) 
called monitord that will do this for any app.  Just put them in the conf 
file and monitord will restart the app if it's not running.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member

More information about the Snort-users mailing list