[Oisf-users] Suricata 1.4 Rule set up and update

Jutaro Kajita j.kajita at espeid.jp
Thu Feb 7 08:11:19 UTC 2013


Oh no, I use 1.4 ver. 
I installed from http://www.openinfosecfoundation.org/download/suricata-1.4.tar.gz.



On 2013/02/07, at 17:02, Peter Manev wrote:

> 
> 
> On Thu, Feb 7, 2013 at 6:18 AM, Jutaro Kajita <j.kajita at espeid.jp> wrote:
> Oops!
> 
> I thought this feature was valid for the 1.3 ver. because I could not find the "rule-reload"
> in the suricata.yaml,
> I could recommend updating/switching to 1.4 and using the latest suricata.yaml provided.
>  
> but after I added this line with the value "true", my Ubuntu and CentOS
> executed the live rule swap.
> 
> Thank you.
> On 2013/02/06, at 16:50, Peter Manev wrote:
> 
>> 
>> 
>> On Wed, Feb 6, 2013 at 8:36 AM, Jutaro Kajita <j.kajita at espeid.jp> wrote:
>> I read through the online documentation of Suricata 1.4 on the OISF page but I couldn't find the actual article that deals with
>> live rule hot swap previously dealt with in the 1.3 version.
>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Live_Rule_Swap
>> You mean you couldn't find that article? Or is it something else you were referring to?
>> 
>>  
>> Is there any configuration in the suricata.yaml file or in oinkmaster.conf while I am using Oinkmaster as the rule manager?
>> I couldn't renew the rule set after I started Suricata engine as
>> 
>> $suricata -c /etc/suricata/suricata.yaml -i <eth0> -D
>> 
>> though I created example ".rule" file in the rule directory and made small change in the rule file.
>> 
>> I think this means if I use Suricata as IPS on a remote server, I won't get new rules to work because stopping Suricata means stopping queueing.
>> Thanks in advance.
>> 
>> 
>> 
>> 
>> 
>> -- 
>> Regards,
>> Peter Manev
> 
> 
> 
> 
> -- 
> Regards,
> Peter Manev
