Re: Snort service stop

[Tim Sailer <sailer () bnl gov>]

On Mon, Aug 06, 2001 at 02:33:33PM -0400, gerhard () wtci net wrote:
> Hi Guys,
>
> I was checking the archives, but do not find info on my problem.
> I'm running Snort 1.8p1, beautiful... logging on MySQL.
> Have 2 nics, 1 promiscuous and other to talk to db.
> Problem is when the connection to the db is lost, even for a split second
> the snort service stop.
> The only entry in the log is " device eth0 left promiscuous mode"
> What do I have to check , was thinking of running a cron to restart service
> ,but missing the point then.
>
> Has anyone had the same problem ?

Snort dies on me every so often, but not enough to be a real problem.
<<ponder>>

Try this:

#!/bin/sh
#
#Point this to where you store the pid of your snort process
SNORTPID=`cat /var/run/snort_eth0.pid`

PROC=`ps ax | grep -v grep| grep $SNORTPID| awk '{print $1}'`

if [ "$PROC" = "" ]
then
echo "Snort stopped!"
#this should be the command you use to start snort
/etc/init.d/snort start
fi


This should work on my debian system. You'll have to adjust the
2 commented parts to work on your redhat or other system.
*This is completely untested!!!* Don't use this on a production
IDS box until you try it!!!

Tim

-- 
Tim Sailer <sailer () bnl gov> 
Cyber Security Operations Manager
Brookhaven National Laboratory  (631) 344-3001

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users