Snort mailing list archives
RE: Start Snort from init.d
From: Marc-Andre Hamelin <mhamelin () matrox com>
Date: Mon, 5 Nov 2001 00:41:26 -0500
Here's the script I use. This is for a sensor with 2 sniffing nics (each on different networks). Don't be confused by the paths and files name, I use a different rulebase (and different log files) for each process. If you only have one nic, you could strip it to keep only "start", "stop" and "restart". #################################### #!/bin/sh case "$1" in start) /usr/local/bin/snort -c /export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l /export/snort/eth0/logs/ /usr/local/bin/snort -c /export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l /export/snort/eth1/logs/ ;; start_eth0) /usr/local/bin/snort -c /export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l /export/snort/eth0/logs/ ;; start_eth1) /usr/local/bin/snort -c /export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l /export/snort/eth1/logs/ ;; stop) /usr/bin/killall snort ;; stop_eth0) /bin/kill `cat /var/run/snort_eth0.pid` ;; stop_eth1) /bin/kill `cat /var/run/snort_eth1.pid` ;; restart) /usr/bin/killall snort /usr/local/bin/snort -c /export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l /export/snort/eth0/logs/ /usr/local/bin/snort -c /export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l /export/snort/eth1/logs/ ;; restart_eth0) /bin/kill `cat /var/run/snort_eth0.pid` /usr/local/bin/snort -c /export/snort/eth0/rules/snort.conf.eth0 -d -D -e -i eth0 -l /export/snort/eth0/logs/ ;; restart_eth1) /bin/kill `cat /var/run/snort_eth1.pid` /usr/local/bin/snort -c /export/snort/eth1/rules/snort.conf.eth1 -d -D -e -i eth1 -l /export/snort/eth1/logs/ ;; *) echo "Usage: /etc/init.d/snortd {start[_nic]|stop[_nic]|restart[_nic]}" ;; esac exit 0 ########################### Marc -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Dan McIntosh Sent: 3 novembre, 2001 16:27 To: snort-users () lists sourceforge net Subject: [Snort-users] Start Snort from init.d What is the correct method to start a process (in this case Snort in daemon mode) at start-up? I am using RedHat LINUX 7.2. Can someone share the script they use in /etc/init.d/ to start/stop Snort? I am currently starting Snort like this: /usr/local/bin/snort -d -h 192.168.0.0/24 -l /var/log/snortlogs -c /usr/local/etc/snort.config/snort.conf -D ..Thanks, Dan _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Start Snort from init.d Dan McIntosh (Nov 03)
- <Possible follow-ups>
- RE: Start Snort from init.d Marc-Andre Hamelin (Nov 04)