Hi friends, I wanted to ask if you could give me a hand to monitor Snort with Nagios.
Nagios and Snort are on two different hosts on the same LAN.
How to monitor snort on another host
Re: How to monitor snort on another host
https://exchange.nagios.org//directory/ ... rt/details is a bit old, but you should check it out and see if it works for you.
Re: How to monitor snort on another host
dwhitfield wrote: https://exchange.nagios.org//directory/ ... rt/details is a bit old, but you should check it out and see if it works for you.
Archive is damaged.
Re: How to monitor snort on another host
Greetings, I was able to open the archive without issue with 7zip. The script is very tiny so I've pasted it below as well:
#!/bin/bash
# Nagios plugin exit codes: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN.
if [ -n "$1" ]; then
    # Called with an argument: echo it back and report UNKNOWN.
    status=$1
    echo "$status"
    exit 3
else
    status() {
        local base=${1##*/}
        local pid
        # Test syntax.
        if [ "$#" = 0 ] ; then
            echo $"Usage: status {program}"
            return 3
        fi
        # First try "pidof"
        pid=$(pidof -o $$ -o $PPID -o %PPID -x "$1" || \
              pidof -o $$ -o $PPID -o %PPID -x "${base}")
        if [ -n "$pid" ]; then
            echo $"OK : ${base} (pid $pid) is running..."
            return 0
        fi
        # Next try "/var/run/*.pid" files
        if [ -f "/var/run/${base}.pid" ] ; then
            read -r pid < "/var/run/${base}.pid"
            if [ -n "$pid" ]; then
                echo $"CRITICAL : ${base} dead but pid file exists"
                return 2   # was 1, which Nagios reads as WARNING
            fi
        fi
        # See if /var/lock/subsys/${base} exists
        if [ -f "/var/lock/subsys/${base}" ]; then
            echo $"CRITICAL : ${base} dead but subsys locked"
            return 2
        fi
        echo $"CRITICAL : snort is stopped"
        return 2   # was 3, which Nagios reads as UNKNOWN
    }
    # The function's return value becomes the plugin's exit code.
    status snort
fi
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
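The script above only checks the local machine, so the Nagios server still needs a way to run it on the Snort host. The following is an added example, not part of the thread or the Exchange plugin, that assumes NRPE as the transport; the addresses (192.0.2.x), the host name `snort-sensor`, the plugin path and the `linux-server`/`generic-service` templates from the Nagios Core sample configuration are all assumptions to adapt.

```cfg
# ---- On the Snort host: /usr/local/nagios/etc/nrpe.cfg (path assumed) ----

# Only the Nagios server (constructed address) may query this agent.
allowed_hosts=127.0.0.1,192.0.2.10

# Do not accept command arguments from the network. The check below
# takes none, and the script treats any argument as an error anyway.
dont_blame_nrpe=0

# Expose the pasted script, saved as check_snort and made executable,
# under a fixed command name with no variable parts.
command[check_snort]=/usr/local/nagios/libexec/check_snort


# ---- On the Nagios server: object configuration (file name assumed) ----

define command {
    command_name    check_nrpe
    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

define host {
    use             linux-server
    host_name       snort-sensor
    address         192.0.2.20
}

# A CRITICAL here means the sensor is not inspecting traffic, so
# route its notifications like any other detection outage.
define service {
    use                     generic-service
    host_name               snort-sensor
    service_description     Snort process
    check_command           check_nrpe!check_snort
}
```

Running `check_nrpe -H 192.0.2.20 -c check_snort` by hand from the Nagios server should print the script's OK or CRITICAL line before the service definition is relied on.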