How to monitor snort on another host

Posted: Thu Mar 16, 2017 10:43 am
by nagios1_1
Hi friends, I wanted to ask if you could give me a hand monitoring Snort with Nagios.
Nagios and Snort are on two different hosts on the same LAN.

Re: How to monitor snort on another host

Posted: Thu Mar 16, 2017 1:26 pm
by dwhitfield
https://exchange.nagios.org//directory/ ... rt/details is a bit old, but you should check it out and see if it works for you.

Re: How to monitor snort on another host

Posted: Fri Mar 17, 2017 3:40 am
by nagios1_1
dwhitfield wrote: https://exchange.nagios.org//directory/ ... rt/details is a bit old, but you should check it out and see if it works for you.
Archive is damaged.

Re: How to monitor snort on another host

Posted: Fri Mar 17, 2017 9:15 am
by cdienger
Greetings, I was able to open the archive without issue with 7zip. The script is very tiny so I've pasted it below as well:

#!/bin/bash
# Nagios plugin exit codes: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN.

if [ -n "$1" ]; then
    # Called with an argument: echo it back and report UNKNOWN.
    # ("exit -1" becomes 255 in bash, which is outside Nagios' 0-3 range.)
    status=$1
    echo "$status"
    exit 3
else
    status() {
        local base=${1##*/}
        local pid

        # Test syntax.
        if [ "$#" = 0 ] ; then
            echo "Usage: status {program}"
            return 3
        fi

        # First try "pidof" (omit this script, its parent and pidof's parent)
        pid=$(pidof -o $$ -o $PPID -o %PPID -x "$1" || \
              pidof -o $$ -o $PPID -o %PPID -x "${base}")
        if [ -n "$pid" ]; then
            echo "OK : ${base} (pid $pid) is running..."
            return 0
        fi

        # Next try "/var/run/*.pid" files
        if [ -f "/var/run/${base}.pid" ] ; then
            read -r pid < "/var/run/${base}.pid"
            if [ -n "$pid" ]; then
                echo "CRITICAL : ${base} dead but pid file exists"
                return 2    # exit code must match the CRITICAL label
            fi
        fi
        # See if /var/lock/subsys/${base} exists
        if [ -f "/var/lock/subsys/${base}" ]; then
            echo "CRITICAL : ${base} dead but subsys locked"
            return 2
        fi
        echo "CRITICAL : snort is stopped"
        return 2
    }

    status snort
fi
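
The script above only checks the machine it runs on; for the two-host setup in the question, one common way to call it from the Nagios server is NRPE. The configuration below is an added example, not part of the original posts. NRPE itself, the script path, the host name and the addresses are assumptions.

```cfg
# ---- On the Snort host: /usr/local/nagios/etc/nrpe.cfg (path assumed) ----

# Only the Nagios server may talk to the NRPE daemon.
# 192.0.2.10 is a placeholder for the Nagios server's address.
allowed_hosts=127.0.0.1,192.0.2.10

# Do not accept command arguments from the network; the check needs none.
dont_blame_nrpe=0

# Expose the pasted script under a fixed command name.
# check_snort.sh is an assumed file name; it must be executable by the
# user the NRPE daemon runs as.
command[check_snort]=/usr/local/nagios/libexec/check_snort.sh

# ---- On the Nagios server: object configuration ----

# Generic wrapper around the check_nrpe plugin (skip if already defined).
define command {
    command_name    check_nrpe
    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

# "snort-sensor" is a hypothetical host object for the Snort machine;
# "generic-service" is the template from the Nagios sample configuration.
define service {
    use                     generic-service
    host_name               snort-sensor
    service_description     Snort process
    check_command           check_nrpe!check_snort
}
```

Because the service state comes from the plugin's exit code and not from the text it prints, a stopped Snort only raises a CRITICAL alert if the script exits with 2.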