Re: snortsam & snort start script?

[Frank Knobbe <frank () knobbe us>]

On Mon, 2003-08-11 at 15:36, Pacheco, Michael F. wrote:
> Does anybody have a snort start script that integrates snortsam into it.  I
> know that snortsam has to start before snort and needs a few seconds to
> complete its start and test connect to the configured firewall before snort
> starts.

I'm not aware of a downloadable script, but what is wrong with adding
the following to your rc.local?

daemon /<path2snortsam>/snortsam /<path2config>/snortsam.conf
sleep 10
daemon /<path2snort>/snort -c /<path2conf>/snort.conf -<snort-options>

Also, keep in mind that when Snort starts and it can not connect to
Snortsam, it will try again at the first block. That means you can start
Snort before Snortsam. It may hang for a bit trying to connect to
Snortsam, but then will continue. At the first block attempt, it will
try to connect to the configured Snortsam agents, check in, and send the
block.

If you have to use two scripts, for example rc.d scripts or daemontools
scripts, you should be able to use a short sleep (i.e. 5 secs) before
Snort in the Snort script, or just start them at the same time.

... one of these days we'll have Snortsam go daemon by itself... :)

Hope this helps,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part