Snort Forums Archive

S99Snort file


Posted by phx_cissp on March 22, 2005 04:10:34

Most of the documentation I've looked at says that a sample S99Snort file is located under the /contrib folder; it's no longer there. I'm not able to locate it under w.snort.org/dl/contrib. Does anyone have the contents to the init file they can post?

thx
steve

Posted by phx_cissp on March 22, 2005 05:20:43

Found one----

#!/bin/bash
# $Id: S99snort,v 1.2 2004/11/10 23:20:31 jhewlett dead $
# /etc/init.d/snort : start or stop the SNORT Intrusion Database System
#
# Written by Lukasz Szmit
#
# Configuration

# set config file & path to snort executable
SNORT_PATH=/usr/local/bin
CONFIG=/usr/local/share/snort/snort.conf

# set interface
IFACE=eth0

# set GID/Group Name
SNORT_GID=nogroup

# other options
OPTIONS="-D"

# End of configuration

# Exit quietly if the snort binary is missing or not executable
test -x "$SNORT_PATH/snort" || exit 0

case "$1" in
    start)
        echo "Starting Intrusion Database System: SNORT"
        # $OPTIONS stays unquoted so that multiple options split into words
        "$SNORT_PATH/snort" -c "$CONFIG" -i "$IFACE" -g "$SNORT_GID" $OPTIONS
        if [ "$(pidof "$SNORT_PATH/snort")" ]; then
            echo "SNORT is up and running!"
        else
            # Report the failure instead of exiting silently with status 0
            echo "SNORT failed to start!"
            exit 1
        fi
        echo -n "."
        ;;

    stop)
        echo "Stopping Intrusion Database System: SNORT"
        if [ "$(pidof "$SNORT_PATH/snort")" ]; then

            kill -TERM $(pidof "$SNORT_PATH/snort")

            # Wait until the timeout
            count=120
            numdots=0
            while [ "$count" -ne 0 ]; do
                count=$((count - 1))
                if [ "$(pidof "$SNORT_PATH/snort")" ]; then
                    echo -n .
                    numdots=$((numdots + 1))
                    sleep 1
                else
                    count=0
                fi
            done

            # If it's not dead yet, kill it.

            if [ "$(pidof "$SNORT_PATH/snort")" ]; then
                echo " TIMEOUT!"
                # Send KILL to the running PIDs (the original ran the snort binary here)
                kill -KILL $(pidof "$SNORT_PATH/snort")
            else
                case $numdots in
                    0) echo "." ;;
                    1) echo ;;
                    *) echo " done." ;;
                esac
            fi
        else
            echo "SNORT is not running!"
        fi
        ;;
    restart)
        "$0" stop
        "$0" start
        ;;
    *)
        echo 'Usage: /etc/init.d/snort {start|stop|restart}'
        exit 1
        ;;
esac
exit 0

Posted by devnull42 on March 22, 2005 05:55:36

I'm a step or 2 behind you and ran into the same problem. Thanks for posting the S99snort file. It sucks that the contrib directory is empty. Now I can't find the create_mysql script that is supposed to be in the contrib dir. If I find it I'll post it.

Posted by Mrlegger on March 22, 2005 18:19:33

the sql scripts are in the schemas dir.