Snort mailing list archives
RE: Start Snort from init.d
From: Marc-Andre Hamelin <mhamelin () matrox com>
Date: Mon, 5 Nov 2001 00:41:26 -0500
Here's the script I use.
This is for a sensor with 2 sniffing nics (each on different networks).
Don't be confused by the paths and files name, I use a different rulebase
(and different log files) for each process.
If you only have one nic, you could strip it to keep only "start", "stop"
and "restart".
####################################
#!/bin/sh
case "$1" in
start)
/usr/local/bin/snort -c
/export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l
/export/snort/eth0/logs/
/usr/local/bin/snort -c
/export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l
/export/snort/eth1/logs/
;;
start_eth0)
/usr/local/bin/snort -c
/export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l
/export/snort/eth0/logs/
;;
start_eth1)
/usr/local/bin/snort -c
/export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l
/export/snort/eth1/logs/
;;
stop)
/usr/bin/killall snort
;;
stop_eth0)
/bin/kill `cat /var/run/snort_eth0.pid`
;;
stop_eth1)
/bin/kill `cat /var/run/snort_eth1.pid`
;;
restart)
/usr/bin/killall snort
/usr/local/bin/snort -c
/export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l
/export/snort/eth0/logs/
/usr/local/bin/snort -c
/export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l
/export/snort/eth1/logs/
;;
restart_eth0)
/bin/kill `cat /var/run/snort_eth0.pid`
/usr/local/bin/snort -c
/export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l
/export/snort/eth0/logs/
;;
restart_eth1)
/bin/kill `cat /var/run/snort_eth1.pid`
/usr/local/bin/snort -c
/export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l
/export/snort/eth1/logs/
;;
*)
echo "Usage: /etc/init.d/snortd
{start[_nic]|stop[_nic]|restart[_nic]}"
;;
esac
exit 0
###########################
Marc
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Dan
McIntosh
Sent: 3 novembre, 2001 16:27
To: snort-users () lists sourceforge net
Subject: [Snort-users] Start Snort from init.d
What is the correct method to start a process (in this case Snort in daemon
mode) at start-up? I am using RedHat LINUX 7.2.
Can someone share the script they use in /etc/init.d/ to start/stop Snort?
I am currently starting Snort like this:
/usr/local/bin/snort -d -h 192.168.0.0/24 -l /var/log/snortlogs -c
/usr/local/etc/snort.config/snort.conf -D
..Thanks, Dan
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Start Snort from init.d Dan McIntosh (Nov 03)
- <Possible follow-ups>
- RE: Start Snort from init.d Marc-Andre Hamelin (Nov 04)