Snort mailing list archives
RE: New feature request
From: "Burleson, Lee (IA)" <Lee.Burleson () ia ngb army mil>
Date: Thu, 16 Aug 2001 09:10:11 -0500
And in Win2k, in case _anyone_ cares... You could follow the existing instructions to run Snort as a service and set the option to restart upon failure. Just thought I'd throw that out. - Lee
-----Original Message----- From: Dragos Ruiu [mailto:dr () kyx net] Sent: Wednesday, August 15, 2001 23:52 To: Steve Hutchins; 'snort-users' Subject: Re: [Snort-users] New feature request I know it's not the full answer to your request, but this might help make sure your sensors come back after the db starts if it flakes.... cheers, --dr 6.20 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq-- Q: My snort crashes, how do I restart it? A: Try this shell script or daemontools #!/bin/sh #snorthup: Snort Restarter and Crash Logger #(dr () kyx net with help from kmaxwell () superpages com) $conf = "snort.conf" for $IFACE in fxp0 fxp1 do if [ -f /var/run/snort_$IFACE.pid ]; then if ! ps -p `cat /var/run/snort_$IFACE.pid` > /dev/null ; then /usr/bin/logger -p user.notice snorthup: removing bogus pidfile /usr/bin/logger -p user.notice snorthup: restarting absentee snort on $IFACE with conf file $conf rm -f /var/run/snort_$IFACE.pid /usr/local/bin/snort -D -c $conf -i $IFACE fi; else /usr/bin/logger -p user.notice snorthup: restarting snort on $IFACE with conf file $conf /usr/local/bin/snort -D -c $conf -i $IFACE fi done On Wed, 15 Aug 2001, Steve Hutchins wrote:Any chance of adding a config option to the database plugin that tells it not to kill snort if it can't communicate with the database. On several occasions, I have lost all sensors when the main database died. How about having the d/b plugin just retry connecting to the d/b periodically and just report via syslog if it can't connect. This lets snort still collect data to binary file. Steve _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Dragos Ruiu <dr () dursec com> dursec.com ltd. / kyx.net - we're from the future gpg/pgp key on file at wwwkeys.pgp.net or at
http://dursec.com/drkey.asc _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New feature request Steve Hutchins (Aug 15)
- Re: New feature request Dragos Ruiu (Aug 15)
- <Possible follow-ups>
- RE: New feature request Steve Hutchins (Aug 15)
- RE: New feature request Dragos Ruiu (Aug 15)
- RE: New feature request Burleson, Lee (IA) (Aug 16)
- RE: New feature request Dragos Ruiu (Aug 16)