Re: snort not starting from cron

[twig les <twigles () yahoo com>]

The first thing that jumps to mind is whether or not
Snort starts with your command when you execute it by
hand.  The second thing is that you aren't using the
-D option to run Snort as a daemon.  The third is I'm
wondering what you would see if you used the -T option
to debug the startup (or let it fail and "tail
/var/log/messages").

Hope that leads to something.


--- JB <baumanj () union edu> wrote:
> Our mailserver had some issues this weekend, so I'm
> not sure if this got
> out the first time I sent it.
>
> Hello,
>
> I have had some issues with snort before, especially
> getting a signal 15
> after snort would run for exactly one day.  The
> problem I came up with is
> that snort would kill itself when it came near to
> re-writing log files
> after 24 hrs.
>
> I got around this by setting a cron job to kill
> snort before it normally
> died, and then start it a minute later; by doing
> this I could keep snort
> goign forever.  Now I cannot start snort from cron.
>
> I use this command to start snort:  snort -A fast -b
> -c
> /etc/snort/snort.conf -i eth1
>
> and i am running snort v. 1.9.0beta4 (Build 195) on
> Debian GNU/Linux 3.0
>
> the entry in my crontab looks like this:
>
> 0 0 * * * nohup /bin/sh snort -A fast -b -c
> /etc/snort/snort.conf -i eth1
>
> i have also tried appending the command with an &,
> running it with nohup,
> calling it from /bin/sh -c "snort -A fast -b -c
> /etc/snort/snort.conf -i
> eth1", etc.  I have also tried chaning the times in
> my crontab in case
> something conditional is happening.  Other entries
> in my crotab work, so
> that is not the problem.  It seems that snort will
> start to run when it is
> called upon by crontab, but dies immediately, as if
> the parent process is
> being killed.
>
> any help would be greatly appreciated.  I am also
> open to running snort in
> other ways, so it stays running and I get my logs.
>
> thanks,
>
> Josh Bauman
>
>
> _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>    "if it ain't broke, hit it again"
>             Joshua Bauman
> baumanj () union edu      darwin () darw1n net
>       baumanj () vu union edu
>             www.darw1n.net
-------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of
> that same old
> cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Heavy metal made me do it.                        
-----------------------------------------------------------

__________________________________________________
Yahoo! - We Remember
9-11: A tribute to the more than 3,000 lives lost
http://dir.remember.yahoo.com/tribute


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users