How to monitor snort on another host


Post by nagios1_1 » Thu Mar 16, 2017 10:43 am

Hi friends, I wanted to ask you if you could give me a hand monitoring Snort with Nagios.
Nagios and Snort are on two different hosts on the same LAN.
nagios1_1
 
Posts: 14
Joined: Thu Jan 26, 2017 12:25 pm

Re: How to monitor snort on another host

Post by dwhitfield » Thu Mar 16, 2017 1:26 pm

https://exchange.nagios.org//directory/ ... rt/details is a bit old, but you should check it out and see if it works for you.
dwhitfield
The Doctor
 
Posts: 3756
Joined: Wed Sep 21, 2016 10:29 am
Location: Nagios Enterprises, LLC

Re: How to monitor snort on another host

Post by nagios1_1 » Fri Mar 17, 2017 3:40 am

dwhitfield wrote: https://exchange.nagios.org//directory/Plugins/Operating-Systems/Linux/check_snort/details is a bit old, but you should check it out and see if it works for you.

Archive is damaged.
nagios1_1
 
Posts: 14
Joined: Thu Jan 26, 2017 12:25 pm

Re: How to monitor snort on another host

Post by cdienger » Fri Mar 17, 2017 9:15 am

Greetings, I was able to open the archive without issue with 7zip. The script is very tiny so I've pasted it below as well:

    #!/bin/bash
    # Nagios plugin: report whether snort is running.
    # Nagios reads the exit status: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

    if [ -n "$1" ]; then
        # The plugin takes no arguments: echo what was passed and exit UNKNOWN.
        status=$1
        echo "$status"
        exit 3
    else
        status() {
            local base=${1##*/}
            local pid

            # Test syntax.
            if [ "$#" = 0 ] ; then
                echo $"Usage: status {program}"
                return 3
            fi

            # First try "pidof" (skip this shell, its parent and pidof's parent)
            pid=$(pidof -o $$ -o $PPID -o %PPID -x "$1" || \
                  pidof -o $$ -o $PPID -o %PPID -x "${base}")
            if [ -n "$pid" ]; then
                echo $"OK : ${base} (pid $pid) is running..."
                return 0
            fi

            # Next try "/var/run/*.pid" files
            if [ -f "/var/run/${base}.pid" ] ; then
                read -r pid < "/var/run/${base}.pid"
                if [ -n "$pid" ]; then
                    echo $"CRITICAL : ${base} dead but pid file exists"
                    return 2
                fi
            fi
            # See if /var/lock/subsys/${base} exists
            if [ -f "/var/lock/subsys/${base}" ]; then
                echo $"CRITICAL : ${base} dead but subsys locked"
                return 2
            fi
            echo $"CRITICAL : snort is stopped"
            return 2
        }

        # The function's return value becomes the plugin's exit status.
        status snort
    fi
cdienger
Support Tech
 
Posts: 707
Joined: Tue Feb 07, 2017 11:26 am
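
An added example, not part of cdienger's post or the check_snort archive: Nagios takes a service's state from the plugin's exit status (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN), so this helper runs a check and reports whether the status it exits with agrees with the label it prints. The function names and the three stub plugins are constructed for the illustration.

```shell
#!/bin/sh
# Added example: compare a plugin's exit status with the label it prints.

# Exit status -> state name under the Nagios plugin convention.
nagios_state() {
    case "$1" in
        0) echo OK ;;
        1) echo WARNING ;;
        2) echo CRITICAL ;;
        3) echo UNKNOWN ;;
        *) echo OUT_OF_RANGE ;;   # the convention defines only 0-3
    esac
}

# Run a plugin command line; print "<state>|<status>|<verdict>|<first line>".
probe_plugin() {
    # The &&/|| form records a non-zero status without tripping "set -e".
    out=$("$@" 2>&1) && rc=0 || rc=$?
    state=$(nagios_state "$rc")
    first=$(printf '%s\n' "$out" | head -n 1)
    case "$first" in
        "$state"*) verdict=MATCH ;;
        OK*|WARNING*|CRITICAL*|UNKNOWN*) verdict=MISMATCH ;;
        *) verdict=NO_LABEL ;;
    esac
    echo "$state|$rc|$verdict|$first"
}

# Constructed stand-ins for a real plugin (hypothetical, for the demo only).
stub_ok()       { echo "OK : snort (pid 1234) is running..."; return 0; }
stub_mislabel() { echo "CRITICAL : snort is stopped"; return 3; }
stub_bad_exit() { echo "snort status unavailable"; return 255; }

for plugin in stub_ok stub_mislabel stub_bad_exit; do
    probe_plugin "$plugin"
done
```

To probe a real check, pass its command line in place of a stub, for example `probe_plugin /path/to/check_snort` (placeholder path).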

