Posts Tagged ‘snorby’

Snorby: Debug the mailing feature and creating cron job

November 4, 2013

Do not run the following commands unless you really need to:

cd /path/to/snorby

bundle exec rails c production
Snorby::Jobs::SensorCacheJob.new(true).perform
Snorby::Jobs::DailyCacheJob.new(true).perform (this command is invalid for version 2.6.2)

I tried a few things. From the shell of my CentOS 6.4 everything works fine, but I can’t make it send me reports automatically, so I didn’t bother to go ahead with the source but just added that simple file (named snorby_report.cron) in /etc/cron.daily:

#!/bin/sh
# Daily cron script: run Snorby's sensor cache job from the application directory
cd /path/to/snorby
RAILS_ENV=production /usr/bin/rails r 'Snorby::Jobs::SensorCacheJob.new(true).perform'

Checking for all running barnyard2 processes

November 2, 2013

I am running “snort” with two sensors. Occasionally one of my “barnyard2” processes is dying, and if I am not checking the processes on the shell, there is no way I’ll know that. So I wrote a single-line perl script and put it in a cron job to be run every five minutes. If there are not two barnyard2 processes running, I get an e-mail. It’s that simple.

# Count the barnyard2 processes (grep -v grep drops the grep itself); mail if the count is not exactly two
if(`ps -aef |grep barnyard2 |grep -v grep |wc -l`!=2) {`mail -s BY2DOWN me\@email.edu</dev/null`;};

Of course, the whole procedure could be automated. I mean, if the script detects the issue, it could restart my init.d script controlling barnyard2 (in my case it controls snortd and barnyard2 at the same time), but wth will I do that… Just logging in and starting the process is enough in my case.

So, I just decided to share. Put #!/bin/perl on top of the line above, make it chmod +x or 755, and the cron entry should be */5 * * * * /full/path/by2.check, or something like that. That line should be enough for beginners, if any.
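The one-liner above counts every line of ps output that mentions barnyard2, so a tail -f on a barnyard2 log file, or an editor open on the barnyard2 config, would be counted as a running sensor and mask a dead process. The following is an added example, not code from the post: a POSIX sh watchdog that matches only on the command name and returns a shell status that cron can act on. It assumes ps -eo args= style input (command and arguments only), and the ps listing and the mail address are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the post. Constructed ps listing (as from `ps -eo args=`):
# two real barnyard2 sensors plus two lines that merely mention barnyard2.
SAMPLE_PS='/usr/local/bin/barnyard2 -c /etc/snort/barnyard2-eth0.conf -d /var/log/snort/eth0
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2-eth1.conf -d /var/log/snort/eth1
tail -f /var/log/barnyard2.log
grep barnyard2'

# naive_count mirrors the post's pipeline: any line containing "barnyard2",
# minus the grep itself. It over-counts on the sample above (returns 3).
naive_count() {
    grep barnyard2 | grep -v grep | wc -l | tr -d ' '
}

# by2_count reads process lines on stdin and counts only those whose first
# field (the command path) has the basename "barnyard2".
by2_count() {
    awk '{ n = split($1, p, "/"); if (p[n] == "barnyard2") c++ } END { print c + 0 }'
}

# by2_check EXPECTED: exit 0 when exactly EXPECTED barnyard2 processes are
# running, 1 otherwise, so it can be chained with || in a cron line.
by2_check() {
    [ "$(by2_count)" -eq "$1" ]
}

# Live use from cron every five minutes (not executed here; address is a placeholder):
#   */5 * * * * ps -eo args= | by2_check 2 || mail -s BY2DOWN me@example.edu </dev/null
```

Because by2_check exits non-zero when the count is off, the same function can drive a restart of the init.d script instead of a mail if you ever decide to automate that step.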