Tuesday, August 28, 2007

Snort Died...

It died after the creation of the new script...

The only thing I can find is the following:


Aug 27 22:34:38 starchild snort[5941]: Snort exiting


This SUCKS!

I've restarted it but I now lack visibility for the past 12+ hours. I'll watch the logs closely tonight and maybe direct any errors to a logfile.

Edited 8/30/2007:

I think I've fixed the issue (for real, this time).

There is a part of the script that would choke upon itself...the restart function:



# Restart snort:
snort_restart() {
    snort_stop
    sleep 5
    snort_start
}


I had to change the sleep statement from "1" to "5". I believe that the script chokes because it takes a few seconds to stop the snort process. One second isn't enough time, it seems. The script was stopping the process and immediately restarting it after one second. One second after the kill command runs, the snort process is still trying to stop when the script starts the snort_start function. I've tested this by adjusting the sleep statement and running the "rc.snort restart" command...I got successful results. We'll now wait to see if the cron job croaks again (tonight).
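An added example, not part of the original rc.snort script: a restart that polls until the old process has actually exited instead of sleeping a fixed number of seconds, and refuses to start a second copy if the old one never stops. The `wait_for_exit` helper, the 30-second timeout and the pidfile path are assumptions; `snort_stop` and `snort_start` stand for the script's existing functions.

```shell
#!/bin/sh
# Added example: wait for the old snort process to exit before starting a
# new one. Helper name, timeout and pidfile path are assumptions.

# Assumed pidfile location; adjust to wherever snort writes its pid.
PIDFILE=${PIDFILE:-/var/run/snort_eth0.pid}

# wait_for_exit PID [TIMEOUT_SECONDS]
# Returns 0 once PID no longer exists, 1 if it is still alive at the timeout.
wait_for_exit() {
    pid=$1
    timeout=${2:-30}
    waited=0
    # kill -0 delivers no signal; it only tests whether the PID exists.
    # Run as root (as an rc script is) so a permission error is not
    # mistaken for "process gone".
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Restart snort: stop, wait for the old pid to disappear, then start.
snort_restart() {
    # Read the pid before stopping, since shutdown may remove the pidfile.
    old_pid=$(cat "$PIDFILE" 2>/dev/null)
    snort_stop
    if [ -n "$old_pid" ] && ! wait_for_exit "$old_pid" 30; then
        # Leave a trace in syslog so a failed restart is visible the next
        # morning instead of a silent gap in sensor coverage.
        logger -t rc.snort "snort pid $old_pid still running after 30s; not starting"
        return 1
    fi
    snort_start
}
```

Because the failure is logged through syslog, a restart that runs from cron and does not complete shows up next to the "Snort exiting" line rather than only as missing alerts.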
