<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Oh no, I use 1.4 ver. <div>I installed from <span class="Apple-style-span" style="white-space: pre; "><a href="http://www.openinfosecfoundation.org/download/suricata-1.4.tar.gz">http://www.openinfosecfoundation.org/download/suricata-1.4.tar.gz</a>.</span></div><div><span class="Apple-style-span" style="white-space: pre; "><br></span></div><div><br></div><div><br><div><div>On 2013/02/07, at 17:02, Peter Manev wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><br><br><div class="gmail_quote">On Thu, Feb 7, 2013 at 6:18 AM, Jutaro Kajita <span dir="ltr"><<a href="mailto:j.kajita@espeid.jp" target="_blank">j.kajita@espeid.jp</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">Oops!<div><br></div><div>I thought this feature was valid for the 1.3 ver. because I could not find the "rule-reload"</div><div>in the suricata.yaml,</div></div></blockquote><div>
I could recommend updating/switching to 1.4 and using the latest suricata.yaml provided.<br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">
<div> but after I added this line with the value "true", my Ubuntu and CentOS</div>
<div>Executed the live rule swap.</div><div><br></div><div>thank you.</div><div><div><div><div><div>On 2013/02/06, at 16:50, Peter Manev wrote:</div><br><blockquote type="cite"><br><br><div class="gmail_quote">
On Wed, Feb 6, 2013 at 8:36 AM, Jutaro Kajita <span dir="ltr"><<a href="mailto:j.kajita@espeid.jp" target="_blank">j.kajita@espeid.jp</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I read through the online documentation of Suricata1.4 on OISF page but I couldn't find the actual article that deals with<br>
live rule hot swap previously dealt with in 1.3 version.\<br></blockquote><div><a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Live_Rule_Swap" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Live_Rule_Swap</a><br>
you mean you couldn't find that article ? or is it something else you were referring to?<br><br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Is there any configuration in suricata.yaml file or in oinkmaster.conf while I am using Oinkmater as the rule manager?<br>
I couldn't renew the rule set after I started Suricata engine as<br>
<br>
$suricata -c /etc/suricata/suricata.yaml -i <eth0> -D<br>
<br>
though I created example ".rule" file in the rule directory and made small change in the rule file.<br>
<br>
I think this means if I use Suricata as IPS on a remote server, I won't get new rules to work because stopping Suricata means stopping queueing.<br>
Thanks in Advance.<br>
<br>
<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org/" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div>
</blockquote></div><br></div></div></div></div></blockquote></div><br><br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div>
</blockquote></div><br></div></body></html>