Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Oracle Snort Shell Scripting Reloaded...

From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Fri, 17 Dec 2004 16:42:21 -0500
I think I figured it out...

#!/bin/sh

date=$(date '+%m%d%y.%H%M')

PROC=`ps aux | grep "/usr/local/bin/snort -c" | grep -v grep`

if [ -z ${PROC} ]; then

 START_CMD='/snort/startup.sh'

 for i in 1 2 3 4 5 6 7 8 9 10; do
  ${START_CMD} && exit
  sleep 5
 done

 echo "Snort is down at $date" >> /tmp/snortdown.log
else
CHECK=`tail /var/log/messages | grep "ORA-03114"`
 if [ -n ${CHECK} ]; then

         for i in 1 2 3 4 5 6 7 8 9 10; do
   ${START_CMD} && exit
   sleep 5
  done

  echo "Snort is down at $date" >> /tmp/snortdown.log

 fi
Fi



-----Original Message-----
From: Esler, Joel - Contractor 
Sent: Friday, December 17, 2004 4:01 PM
To: snort-users () lists sourceforge net
Cc: 'General DShield Discussion List'
Subject: Oracle Snort Shell Scripting Reloaded...


I use Stunnel to connect my remote snort machines to my local snort
database.  Well, every once in awhile the connection to Oracle won't
work.  Mysql works because I am using barnyard, but since, (yet again my
complaint) barnyard doesn't have an oracle output module (yes I did
start working on one, but stopped)

Trying to write a script to check to make sure Snort is up and reading
the Oracle database, and if it the error is logged in /var/log/messages,
then restart Snort.  Will this work?

#!/bin/sh
date=$(date '+%m%d%y.%H%M')
PROC=`ps aux | grep "/usr/local/bin/snort -c" | grep -v grep`
CHECK=`tail /var/log/messages | grep "ORA-03114"` if [ -z ${PROC} ];
then
        START_CMD='/snort/startup.sh'
        for i in 1 2 3 4 5 6 7 8 9 10; do
                ${START_CMD} && exit
                sleep 5
        done
        echo "Snort is down at $date" >> /tmp/snortdown.log
fi
if [ ${CHECK} = `ORA-03114` ]; then
        CHECK_CMD='/snort/startup.sh'
        for i in 1 2 3 4 5 6 7 8 9 10; do
                ${CHECK_CMD} && exit
                sleep 5
        done
        echo "Snort is down at $date" >> /tmp/snortdown.log
Fi

Or perhaps change it to 

If [ -n ${CHECK} ]; then

??


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: