Snort mailing list archives
Re: How to find Snort pid for log rotate script
From: "Robert Trosper" <rltr () ppco com>
Date: Mon, 29 Oct 2001 07:43:04 -0600
James, this is what I use: pid=`ps -ef | grep 'snort -i fxp0' | grep -v grep | awk '{print $2}'` kill -9 $pid This is imbedded in a script that cron runs every hour..... I then get my log files updated on the hour. I also run multiple copies of snort on this box, so you can be as specific as you need to be on your "pid=" line above to only select the copy of snort that you want to kill. Hope this helps, Robert Trosper Phillips Petroleum Company eMail: rltr () ppco com ----- Forwarded by Robert Trosper/Phillips Petroleum/us on 10/29/2001 07:37 AM ----- From: "James" <the_saint_james () yahoo com> To: <snort-users () lists sourceforge net> Date: Sun, 28 Oct 2001 10:47:41 -0700 Subject: [Snort-users] How to find Snort pid for log rotate script I found a great script to do my log rotation; hacked away at it and it does everything except stop snort. Here is what the shell script it trying to do: # Kill and restart snort now that the log files are moved. kill `cat /var/run/snort_fxp0.pid` # Restart snort in the correct way for you #/usr/local/bin/snort -i fxp0 -d -D -h homeiprange/28 -l /usr/snort/log \ # -c /usr/snort/etc/08292k.rules > /dev/null 2>&1 startsnort James here..... Snort starts just fine using my "startsnort" script but cat /var/run/snort_fxp0.pid does not pull a pid, as snort does not have one in /var/run . I've done some reading in man but cannot find an easy way to get the pid currently used by snort. I'm running RH 7.1. James _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: How to find Snort pid for log rotate script Robert Trosper (Oct 29)
- <Possible follow-ups>
- RE: Re: How to find Snort pid for log rotate script Chris Arnold (Oct 29)