Snort mailing list archives
Re: Snort and barnyard status
From: Sean Brown <sblinux () shaw ca>
Date: Fri, 5 Nov 2004 21:03:17 -0700
On November 4, 2004 1:15 pm, Lance Boon wrote:
What I'm looking for is an easy for users other than myself (in particular my boss) to be able to look at a webpage and determine the status of a particular snort sensor if the snort and barnyard processes are running. I'm not sure of the best way to handle this right now what I do is just ssh to the box do a ps -ef|grep snort and see both barnyard and the snort processes running. What I would like to be able to do is automate this by either having my graphing server ssh to each box, do the ps -ef|grep snort, and get these results back then put these results in a webpage to view then, maybe even send an e-mail alert if a process isn't running when it should be, or even have something set to start that process if it isn't running. But right now my main focus is just to get the results back to the webpage to be displayed and have this run as a process every min or so. Any assistance or pointers in the right direction would greatly be appreciated.
I run snort on my firewall, which is a OpenBSD machine. I use Net-SNMP to monitor both. There is a simple line in the snmpd.conf to tell it what process to monitor, and how many should be running (min/max). You can then configure traps to send and alert you if any of them die if you wish to. Any app that will do snmp will then be able to monitor the general health of the system. Since this is at home right no, I just wrote a simple superkaramba/python script to display a simple little meter on my desktop, there are of course far more robust solutions. -Sean Brown ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and barnyard status Lance Boon (Nov 04)
- Re: Snort and barnyard status Sean Brown (Nov 05)
- Re: Snort and barnyard status Jose Maria Lopez (Nov 06)
- <Possible follow-ups>
- RE: Snort and barnyard status Lance Boon (Nov 05)
- Re: Snort and barnyard status Sam Evans (Nov 05)
- Re: Snort and barnyard status Shawn Kottke (Nov 06)
- RE: Snort and barnyard status Basselgia, Barry A Mr (NAF Atsugi) (Nov 07)
- Snort and barnyard status TIannotti (Nov 08)