[Oisf-users] Suricata 1.4 Rule set up and update

Jutaro Kajita j.kajita at espeid.jp
Wed Feb 6 07:36:51 UTC 2013


I read through the online documentation of Suricata 1.4 on the OISF page, but I couldn't find the actual article that deals with
the live rule hot swap that was previously dealt with in the 1.3 version.
Is there any configuration in the suricata.yaml file or in oinkmaster.conf while I am using Oinkmaster as the rule manager?
I couldn't renew the rule set after I started Suricata engine as 

$suricata -c /etc/suricata/suricata.yaml -i <eth0> -D

though I created example ".rule" file in the rule directory and made small change in the rule file. 

I think this means that if I use Suricata as an IPS on a remote server, I won't get new rules to work, because stopping Suricata means stopping queueing.
Thanks in Advance.
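An added example, not part of the post above and not code from the Suricata or Oinkmaster projects: a POSIX shell helper for the live rule swap as it exists in Suricata 1.3 and 1.4. The `rule-reload: true` setting under `detect-engine` in suricata.yaml has to be enabled once (which needs one restart), and from then on sending SIGUSR2 to the running process reloads the rule files in place, so an inline NFQUEUE deployment keeps passing traffic while rules change. Oinkmaster only rewrites the rule files on disk; the signal step has to follow the update. The pid-file and log paths below are assumed defaults, and the `grep` for a reload message in the log is a loose check rather than an exact string from the project.

```shell
#!/bin/sh
# Live rule reload for Suricata 1.3/1.4 (added example, not project code).
# Requires suricata.yaml to contain, under detect-engine:
#   - rule-reload: true
# With that set, SIGUSR2 makes the running engine re-read its rule files.

# Return 0 if the given suricata.yaml enables live rule reload, 1 otherwise.
# Matches an uncommented "rule-reload: true" line; the leading "- " is optional.
reload_enabled() {
    yaml="$1"
    grep -Eq '^[[:space:]]*-?[[:space:]]*rule-reload:[[:space:]]*true' "$yaml"
}

# Read the PID of the running Suricata from its pid file
# (assumed default path: /var/run/suricata.pid).
suricata_pid() {
    pidfile="${1:-/var/run/suricata.pid}"
    [ -r "$pidfile" ] || return 1
    pid=$(tr -dc '0-9' < "$pidfile")
    [ -n "$pid" ] || return 1
    printf '%s\n' "$pid"
}

# Send SIGUSR2 to the given PID; this is the reload trigger in 1.3/1.4.
trigger_reload() {
    kill -USR2 "$1"
}

# Full procedure after the rule files on disk have been updated
# (by Oinkmaster or by hand): check config, find the process, signal it,
# then look for evidence of the reload in suricata.log (assumed path).
live_reload() {
    yaml="${1:-/etc/suricata/suricata.yaml}"
    pidfile="${2:-/var/run/suricata.pid}"
    log="${3:-/var/log/suricata/suricata.log}"
    if ! reload_enabled "$yaml"; then
        echo "rule-reload not enabled in $yaml; set 'rule-reload: true' under detect-engine and restart once" >&2
        return 1
    fi
    pid=$(suricata_pid "$pidfile") || { echo "no running Suricata found via $pidfile" >&2; return 1; }
    trigger_reload "$pid" || return 1
    sleep 2
    # Suricata reports the reload in its log; show the relevant recent lines.
    tail -n 50 "$log" | grep -i 'reload'
}

# Usage (run as the user that owns the Suricata process):
#   . ./suricata-reload.sh && live_reload
```

Because the reload is an in-process operation, the NFQUEUE binding stays up throughout; the only restart needed is the one that first turns `rule-reload` on.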



