[Snort-users] process check

Rod G postfixuser at ...11827...
Fri Oct 14 08:31:06 EDT 2005


Thanks everyone. Thanks Joel. I'm using your script. It works great. I
set it up to run every two minutes. I killed snort to see if it was
working and it started it just fine. Thanks!

Rod

On 10/14/05, Paul Schmehl <pauls at ...6838...> wrote:
> --On Friday, October 14, 2005 10:00:45 -0400 Joel Esler
> <joel.esler at ...1935...> wrote:
>
> > See if this works for ya...
> >
> > Of course you'll have to change the START_CMD line to read however you
> > have your command line options..
> >
> >
> > <---start--->
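> > #!/bin/sh
> >
> > # Command used to start Snort; adjust the options to match your setup.
> > START_CMD='/usr/local/bin/snort -c /snort/snort-2.4.2/rules/snort.conf -D'
> >
> > # Look for a running "snort -c" process, excluding the grep itself.
> > PROC=`ps aux | grep "snort -c" | grep -v grep`
> >          if [ -z "${PROC}" ]; then
> >                  for i in 1; do
> >                          ${START_CMD} && exit
> >                  done
> >          fi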
> > <----end--->
> >
> > There are probably better ways to do this, but it's first thing in the
> > morning over here (PST)
> >
> There's probably a million variations on that, but Joel's will work fine.
> If you're on FreeBSD, just change the START_CMD to
> /usr/local/etc/rc.d/snort.sh start.
>
> Also, if you're on FreeBSD (and I'm sure it's available for other platforms
> because it's open source), there's a program in ports (/usr/ports/sysutils)
> called monitord that will do this for any app.  Just put them in the conf
> file and monitord will restart the app if it's not running.
>
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/
>
>
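A variation on the watchdog discussed in this thread, as an added example that is not part of the original messages or Joel's script: it checks the PID file instead of grepping `ps` output and writes a syslog entry each time the sensor is found down, so restarts leave a record. The function names, the PID file path and the syslog tag are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, the PID file
# path and the syslog tag are assumptions; adjust them to your install.
PIDFILE="${PIDFILE:-/var/run/snort_eth0.pid}"
START_CMD="${START_CMD:-/usr/local/bin/snort -c /snort/snort-2.4.2/rules/snort.conf -D}"
LOG_TAG="snort-watchdog"

# Return 0 only if the PID recorded in file $1 is a live process.
# kill -0 sends no signal; it fails for a dead PID, and also when the
# caller may not signal the process, so run this as the user that owns snort.
is_running() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1" 2>/dev/null)
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: treat as stale
    esac
    kill -0 "$pid" 2>/dev/null
}

# watchdog PIDFILE CMD [ARGS...]
# Returns 0 if already running, 2 if it was down and CMD succeeded,
# 1 if it was down and CMD failed.
watchdog() {
    pidfile=$1; shift
    if is_running "$pidfile"; then
        return 0
    fi
    # A sensor that stopped is worth a log entry of its own.
    logger -t "$LOG_TAG" "snort not running (pidfile $pidfile); starting" 2>/dev/null || true
    if "$@"; then
        return 2
    fi
    logger -t "$LOG_TAG" "snort start command failed" 2>/dev/null || true
    return 1
}

# Only act when called as "script run" (for example from cron).
if [ "${1:-}" = "run" ]; then
    watchdog "$PIDFILE" $START_CMD   # unquoted on purpose: split into words
    [ $? -ne 1 ]                     # exit non-zero only on a failed start
fi
```

The check does not guard against a stale PID file whose number has been reused by an unrelated process.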



